Article Number
000003193
Applies To
NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: Concentrator, Broker, Packet/Log Decoder
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS 7, AlmaLinux
Resolution
There are three levels or types of indexing: IndexNone, IndexKeys and IndexValues.
IndexNone:
This type of index is not really an index at all. Index entries at the IndexNone level exist only to define and document the meta key. IndexNone entries can be used in Decoder indices to enforce a specific data type for a meta key across all the parsers on a Decoder. These meta keys do not take up space within the index database. Meta keys with this index type cannot be used in queries, but the meta is still available for viewing on a session.
IndexKeys:
IndexKeys indicates that the index will only keep track of which sessions contain meta items stored under this meta key name. It will not index any of the unique values in the meta database for the meta key. Meta keys with this index type can generally only have certain types of queries run against them (equals, not equals, exists, not exists).
IndexValues:
IndexValues indexes each individual unique value for the meta key. Compared with IndexKeys, it is needed for efficient processing of the where clause in query/value calls, and the key can be queried with all the different types of clauses (equals, not equals, begins, ends, contains, exists, etc.).
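The operator support listed above for each index level can be checked before a query is run. The following is an added example, not NetWitness code: it assumes a simplified where-clause syntax (clauses joined by `&&` or `||`, the operators `=`, `!=`, `exists`, `!exists`, `begins`, `ends`, `contains`), and the key-to-level mapping and the function name `lint_where` are constructed for illustration.

```python
import re

# Query operators each index level can serve, as listed in this article.
# Simplified model: the article's "etc." operators are not included.
KEY_OPS = {"=", "!=", "exists", "!exists"}
ALLOWED = {
    "IndexNone": set(),                      # defined only, not queryable
    "IndexKeys": KEY_OPS,
    "IndexValues": KEY_OPS | {"begins", "ends", "contains"},
}

# Constructed sample mapping of meta key -> index level (not a real config).
SAMPLE_LEVELS = {
    "ip.src": "IndexValues",
    "alias.host": "IndexValues",
    "filename": "IndexKeys",
    "example.note": "IndexNone",             # hypothetical meta key
}

CLAUSE = re.compile(
    r"(?P<key>[\w.]+)(?![\w.])\s*"
    r"(?P<op>!=|=|(?:!exists|exists|begins|ends|contains)\b)"
)


def lint_where(where, levels):
    """Return (clause, problem) for every clause the index cannot serve."""
    findings = []
    # Naive split: assumes no && or || inside quoted values.
    for clause in re.split(r"&&|\|\|", where):
        clause = clause.strip("() \t")
        m = CLAUSE.match(clause)
        if not m:
            findings.append((clause, "unrecognised clause"))
            continue
        level = levels.get(m["key"])
        if level is None:
            findings.append((clause, f"{m['key']} has no index entry"))
        elif m["op"] not in ALLOWED[level]:
            findings.append((clause, f"{m['op']} not supported at {level}"))
    return findings


if __name__ == "__main__":
    query = "filename contains 'invoice' || alias.host begins 'mail'"
    for clause, problem in lint_where(query, SAMPLE_LEVELS):
        print(f"{clause!r}: {problem}")
```

A finding on a key that detection content depends on is the cue to review that key's index level rather than to rewrite the query around it.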
In the NetWitness UI there is a significant difference between IndexKeys and IndexValues. IndexKeys meta keys always come up in a closed state, which has a positive effect when rendering the first investigation page. IndexValues meta keys come up in an expanded state. Behind the scenes, each meta key with IndexValues is queried, which has a negative effect when rendering the first investigation page but speeds up the drill-downs later.
Therefore, depending on where we see query slowness (either on first opening the investigation page, or during the customer's subsequent drilling), we can change the index level setting of the key to tune the performance. If there are further questions about index types concerning performance, please open a NetWitness Support case for more assistance.