Hi Folks,

i have a requirement to create relevant query in Splunk to retrieve daily count of records from Kafka server for all topics disctintively along with total records.

Below is my Query it runs though but is very slow to process.

Can you please help me to accelerate the data in populating :

index=blc_db sourcetype=jmx EventType="messages"
| where IN(mbean_property_topic,"ciot_pdx_vision_er_gorr_modify","ciot_pdx_vision_er_gorr_subscription_account","ciot_pdx_vision_er_gorr_transaction","ciot_pdx_vf_sharepoint_group_tac_list","com_vodafone_smartlife","com_witsoftware_vodafone_smartlife","android_com_vodafone_smartlife","android_com_crvsh_vodafone_smartlife","prod_ciot_mongo","ciot_pdx_unipart_dispatches_uk","ciot_pdx_vf_italy_liveperson","ciot_pdx_mongodb_flow_orchestrator_transaction","ios_com_vodafone_smartlife","ios_com_crvsh_vodafone_smartlife","my_com_maxis_smartlife","android_my_com_maxis_smartlife","ios_my_com_maxis_smartlife","ciot_pdx_vss_events","ciot_pdx_vss_events_detailed","ciot_nginx_cg_01","ciot_pdx_chatlingual_full","ciot_pdx_vision_er_gorr_refund")
| bin _time span=1d
| stats range(Count) as countPerHost by host, _time, mbean_property_topic
| stats count(host) as hostCount, sum(countPerHost) as totalCountPerDay by _time, mbean_property_topic