Hello I have question regarding limiting the number of events on search to reduce the search time.

Currently, I'm trying to get summary of sourcetype for their eps(events per sec) and log stoppage.

Here is the query I'm using currently.

sourcetype=firewall:web1|head 10|stats sparkline count, first(_time) AS LastTime last(_time) as FirstTime values(index) AS Index values(sourcetype) AS SourceType |eval timediff=now()-LastTime|eval duration=LastTime-FirstTime|eval eps=10/duration|fields Index SourceType FirstTime sparkline LastTime duration eps timediff|convert ctime(FirstTime) ctime(LastTime)

Above query gives me the details of the logging activity and I have tried to reduce search time by applying |head 10
The problem is that I have dozens of sourcetype and would like to get the summary for all the sourcetype I have.
However, as I used sourceytpe=*, I can only get first few sourcetype because I have limited search for the first 10 events, not for 10 events per sourcetype.
Is there a way to limit number of events on search by fields such as index or sourcetype?
I've made dashboard with a table applying above query for each sourcetype (one table per sourcetype) but it's taking forever.
Any suggestion?