I recently upgraded a Splunk environment from 3.4.x and the previous documentation included recommendations to disable typeahead for search performance and "data leakage" reasons.
Are these still valid concerns in 4.1.x?
From what I have seen in my install performance of type-ahead is a LOT better in 4.1.x and there is no need to disable it for that.
However the data leakage issue still exists if you are using search filters to restrict access to events between roles or users. Suggestions will include data that would be blocked in search filters. If you don't use search filters per role or user I would not worry about it however.
--- RJ