Below is a search I am using in a dashboard in a HiddenSearch module:
search index=techsecu_summary source="Top-Internet-connection-permitted" | top asa_srcip, asa_dstip, asa_dstport | eval Connection="(" . asa_srcip . ", " . asa_dstip . ", " . asa_dstport . ")" | fields Connection, count, percent
The dashboard shows "No results found."
When I hit "Inspect", I get a message like this:
This search has completed and found 11,549,745 matching events. However, the transforming commands in the highlighted portion of the following search:
the search string shown above with everything after the first | highlited.
over the time range:
[12/8/13 12:00:00.000 AM – 12/13/13 11:10:30.000 AM]
generated no results.
But if I copy the search string to the "search" app and run it over the same time period (Week to date), I do get results.
Looks like I am missing something really simple but I am not able to see. Your insights are much appreciated.