Hi mmodestino, thank you for your information.
The app, Meta woot!, doesn't work from my environment even the Splunk version is matched to the requirement. However, I captured some searches from the URL, basically, it uses "... index=&form.sourcetype=&form.host=*&form.filter=where%20recentTime>(now()-86400)&form.latency=latency> ... ", this will be very slow. And the tstats query always return 15 records from os and main indexes regardless the timerange.
| tstats count min(_time) as firstTime, max(_time) as lastTime, max(_indextime) as recentTime by host, sourcetype, index
... View more