Can you make a more generic search, that could handle them all at once, instead of using appends?
It would be more efficient and faster.
Or on recent spunk, if you need to append, take a look at the alternate command union.
instead of "| append" try " | union " to run sub searches in parallel instead of serialized.
search 1 | union [ search 2 ]
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Union
... View more
There is no built-in function that does that. You'll need an external command (which come in apps). Most apps are open-source so you can see if your data is at risk.
... View more