How to extract new fields from a datamodel without deaccelearting it?

Hi All, I have a datamodel "Authentication". This datamodel is already been accelerated.I require two more fields to be extracted from this datamodel. I have used the below query for excessive logins but does not seems to give results. Please advice. | from datamodel:"Authentication"."Failed_Authentication" | rex field=_raw "Result Code:\s+(?.*)" | rex field=_raw "EventCode=(?\d+)" | search 'event_code'=4768 AND 'result_code'=0x17 | stats dc(dest) as "dest_count",dc(user) as "user_count" ,count by "app","user"