Leveraging SearchNow in Summary index to boost query performance

Description:
As a general practice to get the latest data from Summary index, the developer will fire a command to fetch the latest of each field (by latest command. Eg. latest(field1), latest(field2), etc.).
This a performance killer and the approach can be changed to leverage the already available field “”SearchNow”” in the query.

Speaker:
Gauri Bansode

Day and Time:

The Community of Splunk Enthusiast