Actually it is text kind of file and i have given custom sourcetype as java. No it dont have extractions runing. Search running in smart mode. Nothing is running on machine. Not even monitoring of file, just doing search.
Job inspector shows:
Command. Search takes more time , in that command.search.filter 285 sec
Command.search.rawdata 200 sec
Dispatch.fetch 1072 sec
Dispatch.localsearch n dispatch.stream.local also taking more time
My search query is
Sourcetype=java "w(0×40D9)" | fields + source | fields - _raw, _time
... View more