Is there a fast way to count all logging systems to a certain index?
Currently I use the "stats" command with the "distinct_count" and it is very slow on that index.
index=windows | stats distinct_count(system)
The field system is a field in log?
Narrowing your search time window will help. See if this is any faster:
index=windows | dedup system | stats count(system)