I am using dedup in my search and my time criteria is real time. The events are coming every minute, but the results are not changing at the top of the minute. I have turned on the defaultbackfill option to fill the results the very first time with the historical data. The data is getting refreshed when the current results fall out of the time window, i.e. after 5 minutes, and it again shows the oldest data in the window. Because of that, the data refreshes every minute from then on, as the last result falls out of the window.
index="summary" source="transactionrate" | dedup site
I am seeing the latest result if I don't use the dedup command.