I have to prepare reporting dashboards in Splunk for which I used this query until now:
field1=GTIN_RECEIVED field2=NREC field3=*1234* field4=SNS
NOT
[search field1=MESSAGE_INVALID OR field1=GTIN_INVALID field2=NREC OR field2=PRODUCER field3=*1234* field4=SNS | dedup field5
| fields field5 ]
| dedup field5
| table field5
| rename field5 as gtin
The data size is huge now and the query takes too long to run, which is making it very difficult for me to generate the dashboard.
Can someone please help simplify this query so that it takes minimal time?