Hi Team,
We could see Configuration changes Trellis populating data on Overview dashboards in Splunk App for Aws. But once we tried drilling it down to Resource Activity monitor, then there is no single panel which is populating data for the same.
We tried investigating search query for changes over time
aws-config-notification( (aws_account_id="*") , (region="*") ) configurationItem.resourceType=TERM(*) configurationItemDiff.changeType=DELETE | timechart count by configurationItemDiff.changeType

In this query all macros are working but query is failing at configurationItem.resourceType=TERM(*) configurationItemDiff.changeType=DELETE | timechart count by configurationItemDiff.changeType

Could you please help me to understand what actions do i need to take?
Also we did some trial and error basis troubleshooting like working with Field Aliases but it fails.
So we tried creating fields aliases for testing purpose which works with Search app but it is not working for aws app (we have rectified permission issue but dont think anything is wrong with it)