I'm running a search and I've noticed that there are a ton of additional sourcetypes (like f5_bigip:, pan:, WMI:*) being added into my search. I assume this has something to do with CIM compliance by our Splunk admins.
Is there any way that I can prevent these additional sourcetypes from being added to my search? I do not have administrative permissions, so is there something that I can add into my search query?
My search has nothing to do with those sourcetypes and my index does not contain data that's relevant to that. I am worried that it may degrade the performance of my query, which is sparse and already a bit slow.