I'm comparing in event1 from indexA is existing in indexB.
Currently I am using join in comparing this two indexes but it is slow when a lot of data exist.

Is there a more faster and efficient way in achieving this result?

index=indexA 
        | eval indexA_message_id = Message_ID
        | join type=outer Message_ID
    [ search index=indexB
    | eval indexB_message_id = Message_ID 
    | fields Message_ID mdh_message_id]
| where NOT indexA_message_id=indexB_message_id
| table Transaction_Type indexA_message_id