I am looking to optimize my kusto query which is getting timeout in 10 mins. I have to usually run it for a week period so there is less limit on the time

AzureDiagnostics 
| where TimeGenerated between (startofday(datetime("2022-03-26")) .. endofday(datetime("2022-04-04")))
| where Category == 'kube-audit'
| where log_s hasprefix '"code":2'
| where (strlen(log_s) >= 32000
and not(log_s has "aksService") 
and not(log_s has "system:serviceaccount:crossplane-system:crossplane")
and not(log_s has "system:serviceaccount:elastic-system:elastic-operator")
and not(log_s has "system:serviceaccount:kube-system:daemon-set-controller")
and not(log_s has "system:serviceaccount:kube-system:deployment-controller")
and not(log_s has "system:serviceaccount:kube-system:endpoint-controller")
and not(log_s has "system:serviceaccount:kube-system:node-controller")
and not(log_s has "system:serviceaccount:kube-system:replicaset-controller")
and not(log_s has "system:serviceaccount:kube-system:statefulset-controller"))
or strlen(log_s) < 32000
| extend op = parse_json(log_s) 
| where not(tostring(op.verb) in ("list", "get", "watch"))
| where not(tostring(op.user.username) hasprefix "system:")
| where not(tostring(op.user.username) in ("hcpService", "aksService", "aksProblemDetector", "readinessChecker", "nodeclient", "masterclient"))
| where not(tostring(op.requestURI) in ("/apis/authorization.k8s.io/v1/selfsubjectaccessreviews"))
| extend user = op.user.username
| extend decision = tostring(parse_json(tostring(op.annotations)).["authorization.k8s.io/decision"])
| extend requestURI = tostring(op.requestURI)
| extend name = tostring(parse_json(tostring(op.objectRef)).name)
| extend namespace = tostring(parse_json(tostring(op.objectRef)).namespace)
| extend verb = tostring(op.verb)
| project TimeGenerated, SubscriptionId, ResourceId, namespace, name, requestURI, verb, decision, ['user']
| order by TimeGenerated asc