I have this query that matches two types of events, sending a request and receiving an answer. My goal is to take the time both of these happen to see how long the question/answer process takes:

index = "application" ("request sent" OR "answer received")
| rex field=_raw ".*\s+:\s+(?<label>\w+).+\s+(?<guid>[a-z\d-]+)$"
| eval status=if(label="answer","complete","start")
| eval start_time=if(status="complete",null,_time), end_time=if(status="complete",_time,null)
| stats min(start_time) as startT, min(end_time) as endT by guid
| eval exportTimeInMinutes=abs(end_time-start_time)/60

This query works fine and I use it as a template for others. But the problem I am having is that I want to see a screen stats table which includes the exportTimeInMinutes column. When I first wrote this query I got back a table with 4 columns: guid, startT, endT and exportTimeInMinutes. However, when I come back into the page in a future session I no longer see the last column. Sometimes refreshing the page allows it to show up, other times it does not. Is this a bug (or even worse... a feature)?