Hi,
Each day I receive millions of events of type "video_view". These logs are taken for hundreds of thousands of videos.
index="main" action="video" | stats count as views by video_name | sort -views | head 1000
index="main" action="video" | stats dc(user) as views by video_name | sort -views | head 1000
As you can see, we need to table both views and distinct user views with the video names. What is the best way to approach a very fast loading version of these? We have previously gone with accelerated searches, but due to the massive amount of data (logs and different names of videos), this still takes minutes to load at times.