I see the same behavior when I tried looking at one of the S.O.S dashboards after upgrading to Splunk 6. While some fields (searchid etc) are auto extracted. The total_run_time, event_count are not.

5/9/14
2:16:53.552 PM

Audit:[timestamp=05-09-2014 14:16:53.552, user=splunk, action=search, info=canceled, search_id='1399670142.1517.xyz', total_run_time=2.75, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1399670142, api_et=1397026800.000000000, api_lt=1399670142.000000000, search_et=1397026800.000000000, search_lt=1399670142.000000000, is_realtime=0, savedsearch_name=""][n/a]
5/9/14
2:15:42.334 PM

Audit:[timestamp=05-09-2014 14:15:42.334, user=splunk, action=search, info=granted , search_id='1399670142.1517.xyz', search='search index=splunk', autojoin='1', buckets=300, ttl=600, max_count=10000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Wed Apr 9 00:00:00 2014', apiEndTime='Fri May 9 14:15:42 2014', savedsearch_name=""][n/a]