I have a search counting distinct values of a field "u" (see first screenshot below) which used to work fine, but now shows 0 distinct values of "u" for all but the most recent 2 days.
If I restrict the search to a subset of the events based on sourcetype then it works fine (in particular confirming that there should definitely have been more than 0 distinct values of u in the results above too!). The first search above also works fine if I just run it over e.g. the first two days of the last week. The volume of events has increased in the last couple of days, but we're still talking relatively small (285k events in the week that I'm searching over)
