I am using the following iplocation query:-
index="filtered_uiauditlogs" | stats count(ip) as "Count" by ip | appendcols [search index="filtered_uiauditlogs" |iplocation ip | table Country,City,ip | dedup ip] |appendcols [search index="filtered_uiauditlogs" | stats avg(response_time) by ip ] | rename ip as "Client Ip" | rename avg(response_time) as "Avg Response Time(ms)"
When I execute this query for the Relative time frame (eg, last 15 min or All time), the following fields are shown as expected(Refer to image).
Client Ip, Count, Avg Response Time(ms), City, Country
But when I change the time frame to real time in time range picker, then it only shows 2 columns - Client Ip and Count only.
Please help me out with the same.
Refer to these screenshots
1 https://drive.google.com/file/d/15DGQdby-51hy1gGW-6AhcLvFbtuyuX9t/view?usp=sharing
2 https://drive.google.com/open?id=1-1RZtehBfSfBuhwmz3qwu49Zr6gDwXuj
... View more