The syslog table in ServiceNow can grow significantly, and querying it with conditions like "Created on a specific day AND message contains 'SLA Breached'" can be slow due to full-table scans. Here’s how you can speed up your query:

Check Indexing

• Run this query in Scripts - Background to check if indexing exists:
  javascript

  CopiarEditar

  var gr = new GlideRecord('sys_dictionary'); gr.addQuery('name', 'syslog'); gr.addQuery('column_label', 'message'); // Check if 'message' field has an index gr.query(); while (gr.next()) { gs.info(gr.getValue('indexed')); }
• If it returns false or is empty, the field is not indexed.

Add an Index (If Needed)

• If "message" is frequently searched, request your admin to add a full-text index to improve text search performance.
• Ensure created_on has an index (most date fields in ServiceNow are already indexed).

Optimize the Query

• Instead of "message contains 'SLA Breached'", use "message LIKE 'SLA Breached'" to leverage full-text search.
• Try filtering by a shorter date range or limiting fields returned to reduce processing time.

Use Performance Analytics or Logs Aggregation

• If querying logs often, consider storing frequent queries in a separate indexed table for quick access.
• Use Performance Analytics snapshots instead of querying raw logs.

Check Query Execution Time

• Use Debug SQL (add &sysparm_query_debug=true in URL) to analyze query execution and see if it’s scanning too many rows.

Final Thought

Displaying 200 out of 80k records isn’t huge, but if the query runs on non-indexed text fields, it slows down. Optimizing indexes and using LIKE instead of CONTAINS should improve performance.

Hope this helps! If you found this useful, give it a thumbs-up!