Hello! Could somebody please suggest whether it is possible to do a map search more effectively? What I am trying to do:

1. There are events with client transactions. A huge list (thousands every second).
2. I search for transaction chains which are suspicious by some conditions for the last hour.
3. If a transaction chain is suspicious, I make a longer search (last 3 weeks) because some operations do not fit into the last hour. I basically do the same calculations, but with a longer time interval and with stricter conditions.

The following search works, but it takes several minutes and is sometimes cancelled due to timeout:

<MY_SEARCH>
| stats first(orgCode) AS orgCode first(accountId) AS accountId sum(amount) AS totalAmount sum(controlAmount) AS totalControlAmount by transactionChainRef
| where totalControlAmount>0 and totalControlAmount<totalAmount
| map search="search
<MY_SEARCH> AND message=\"*transactionChainRef\\\":$transactionChainRef$*\" earliest=-3w
| eval orgCode=$orgCode$
| eval accountId=$accountId$
| eval totalControlAmount=$totalControlAmount$
| stats first(orgCode) AS orgCode first(accountId) AS accountId sum(amount) AS totalAmount first(totalControlAmount) AS totalControlAmount by transactionChainRef
| where totalControlAmount<totalAmount
" maxsearches=9999

Unfortunately I cannot make a query right away for the last 3 weeks because there will still be transaction chains which may go outside of the 3 weeks (a chain has finished, say, 2.5 weeks ago; its start may be 5.5 weeks ago). My idea currently is to make a map search by chunks, for example, by 100 transactionChainRefs. Thanks in advance!
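One way to drop the map command entirely, added here as an illustration rather than code from the original post: run the three-week search once, restricted to the chains the one-hour pass flagged via a subsearch, and compute the last-hour control total inside the same stats with a conditional sum instead of passing it through $totalControlAmount$. It assumes transactionChainRef is extracted at search time (the stats by clause already relies on that) and that <MY_SEARCH> stands for the poster's base search.

```spl
<MY_SEARCH> earliest=-3w
    [ search <MY_SEARCH> earliest=-1h
      | stats sum(amount) AS totalAmount sum(controlAmount) AS totalControlAmount by transactionChainRef
      | where totalControlAmount>0 AND totalControlAmount<totalAmount
      | fields transactionChainRef ]
| eval inLastHour=if(_time >= relative_time(now(), "-1h"), 1, 0)
| stats first(orgCode) AS orgCode
        first(accountId) AS accountId
        sum(amount) AS totalAmount
        sum(eval(if(inLastHour==1, controlAmount, 0))) AS totalControlAmount
        by transactionChainRef
| where totalControlAmount<totalAmount
```

The subsearch is bounded by the maxout and maxtime settings of the [subsearch] stanza in limits.conf (10,000 results and 60 seconds by default), so if the one-hour pass can flag more chains than that, split the outer search by time range or by orgCode rather than iterating 100 transactionChainRefs at a time with map.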