I am trying to pull some data from Splunk through its API. My config has max_count of 1, a search string with an index, exec_mode is oneshot (because of the nature of the design), earliest and latest are within 2 mins, and output_mode is json. Response time is at a minimum 12 seconds. Is there anything that I can do better to make it better?
I tried adding more filters to the search query and tried reducing the time to a min. I have tried other normal and blocking exec_modes.