Hi,

We have a datamodel built against application data. All the tstats searches against the DM were running fine, including the ones using summariesonly=true.

I was noticing some discrepancy between data model and raw data when plotting timechart for the exact same time range. Checked on the Data Model and found _time field was not added. But after adding that and re-accelerating the data model, now i cant use summariesonly=true. No results are returned. 

I do get data back without summariesonly=true. 

What could have gone wrong here?

UPDATE

I am able to search using  summariesonly=true (Maybe DM needed more time to regenerate) but now I see massive difference in counts between  summariesonly=true. Vs false. Data with false closely matches the raw data stats. Before that _time change, even  summariesonly=true was matching the counts precisely. 

I see the _time field is set to "required" in the model but I don't think that would be preventing certain events from going into summary. All events in raw data do have default _time field. 

Am I missing some key fact here on how summary calculation might have changed with addition of this _time field?