We doing a search on index again a one field
index=cog-nativedatastore-nonprod AND source="/logs/uamdsgl/nds-app-subscription-service/splunk-integrator/splunk-application." | search tracking.system=itrac
When inspecting the job
This search has completed and has returned 4,025 results by scanning 106,856 events in 9.964 seconds.
I believe this is slow. The internal Splunk SME mentioned that the field I searched on is already indexed based on the screenshot below. Is there any other way to improve the performance on this search?
... View more