I need to search through all my events for a specific event where an item is being deleted. The time I am running the query against is all of last month. So basically I am doing all ESM, object = folder, all last month. But it has been running for like 3 hours and has not brought anything back. Is there a better way I should be doing these "big" searches?
Searching by object is going to be a text search, which is going to take a long time as it won't be indexed.
Instead, try to find the signature ID preferably or even the normalized ID for the events you are looking for, even if you need to generate a known event on a known device to do it. Searching by signature will go a lot faster.