Hi, I'm trying to email out a 24 hour report for the global protect activity page but it was greyed out, I understand that this is because of the form so I've cloned the dashboard (adding it in as a new item in the UI) and removed the form but now I just get "search is waiting for input..." in every panel on the new dashboard.

How do I specify a time period now I've removed the form if that's the issue?

My search string for the first panel is

| where
event_id="globalprotectgateway-logout-succ" OR
event_id="globalprotectgateway-regist-succ" | timechart values(count) by event_id
| eval event=event_id | rename
globalprotectgateway-regist-succ AS
"Login" | rename
globalprotectgateway-logout-succ AS
Logout

Thanks for any help, I'm still quite new to this so sorry if it's a silly question?

The end goal I'm after is the global protect activity dashboard, just for one firewall pair (we only have GP running on one and a test firewall anyway) and for last 24 hours emailed out once every 24 hours.

in the email report I just get Invalid earliest_time.

Cheers,
Steve.