
I am searching through a week's worth of flow logs to check if an IP is in existence or not; however, whenever there's a match, the query still continues consuming resources and time.

How do I query and return only the latest event matching an IP address?

I have set limit = 1, but the query still continues.

Sample query:

filter isIpv4InSubnet(srcAddr,"127.0.0.1/32") | limit 1 
Coles Loh

0 Answers