The first thing to note about form dashboard optimizations is that the closer to the root search you can place tokens, the faster your searches will go, meaning that if we use our dashboard inputs to place tokens such as host source, source type, eventtype, or tag within the root search, then we will increase the performance of our searches.

For instance, let's take some dashboards from an app and break them down. I am going to choose the Citrix netscaler app because it's simplistic enough in nature. I'm going to use the Load Balancing Dashboard as the single page of focus within this app.

https://splunkbase.splunk.com/app/370/

The dashboard looks like the following screenshot: