Thank you for sharing the details.Your prompt response is greatly appreciated. how many events are being processed:  124,878 events i Duration: 184.767 seconds  How many indexers are searching this data: One index(asvservices) Please help me on improving the performance and duration time should be 15 to 20 seconds Query: index=asvservices authenticateByRedirectFinish (*) | join request_correlation_id [ search index= asvservices stepup_validate ("isMatchFound\\\":true") | spath "policy_metadata_policy_name" | search "policy_metadata_policy_name" = stepup_validate | fields "request_correlation_id" ] | spath "metadata_endpoint_service_name" | spath "protocol_response_detail" | search "metadata_endpoint_service_name"=authenticateByRedirectFinish | rename "protocol_response_detail" as response   ... View more

If I run the query for 20 hours time frame taking longer time and calling events are 2,72,000 .I need the search results in lesser time like 20 seconds.How to simplify the query for getting the result in 15 to 20 seconds. ... View more

By using join in the query impacting the performance.What is the alternative way with out using join in the above query ... View more

By using join in the query impacting the performance.What is the alternative way with out using join in the above query ... View more