I'm utilizing a data set of vulnerabilities that I need to show in a table in my report, it looks like ODTS app is perfect for what I need, however I am having trouble populating the fields of a custom table using the "dump_two_tables.odt" report template.

My search string is something like:

index=vulns ip=192.168.1.1 | table ip, cve, severity | eval table="table_176" | append [search index=solutions ip=192.168.1.1 | table cve, solution | eval table="table_176solution"] | docgen -key=table -tfile=dump_two_tables.odt

I've modified the table and comments in the template with:

"do row for event in table_176" and "do row for event in table_176solution" in the comments
event['ip'] event['cve'] event['severity'] event['solution'] in the table

My results are two tables with what appear to be the correct number of rows, but filled with the "event['ip']" strings from the template rather than the field information from my search. What am I missing? It seems like I'm this close to having it exactly how I envision it