I am using the following search to extract the time usage of the internet by user report:
index = "cisco_wsa" SourceType = "cisco_wsa_squid" | transaction user maxpause = 5m | stats sum (duration) the Duration by CN | sort -Duration | Lookup light_atributos_principais CN OUTPUT User, Company, CostCenter, DepartmentNumber, OR | Duration fieldformat tostring = (duration, "duration") | eval Superintendencia = substr (DepartmentNumber, 0, 2) | search DepartmentNumber = "LTO" | head 10 | sort -Duration | CN rename the Matricula, the Company Company CostCenter the "Cost Center" DepartmentNumber the Department, the OR Management | User table, Matricula, Company, Department, Management, "Cost Center" Superintendencia, Duration
The report is created without problems, but I cannot speed the same, and he acabanão generating the data altogether. what I should do to improve the performance of the report?
... View more