I'm comparing in event1 from indexA is existing in indexB.
Currently I am using join in comparing this two indexes but it is slow when a lot of data exist.
Is there a more faster and efficient way in achieving this result?
index=indexA
| eval indexA_message_id = Message_ID
| join type=outer Message_ID
[ search index=indexB
| eval indexB_message_id = Message_ID
| fields Message_ID mdh_message_id]
| where NOT indexA_message_id=indexB_message_id
| table Transaction_Type indexA_message_id
