Good afternoon everyone,

I'm a fairly new Splunk user so apologies for anything I miss while writing this up. For some reason our dashboard for the Q-Audit App, Qmulos, is no longer working. The dashboard used to while processing auditing changes for the last 7 seven days, would at least show the data that was already processed while loading the rest of the week. Now while searching it will only show 0 of however many events matched, until eventually resulting in no results found. I cannot even use the query to find the old data from weeks ago when it did work successfully. The dashboard was created by another user who no longer works here. I tried cloning the dashboard myself to see if it was possibly a permissions issue but that did not resolve it. The dashboard itself was essentially auditing users initializing applications in a graph of who initialized what application and how they did so. I cannot think of any possibly changes we made that would cause this. 

Dashboard query:

| tstats prestats=true summariesonly=false allow_old_summaries=false count as "count(Process)" FROM datamodel=Q_Application_State WHERE (nodename=Application_State.tag"=*) BY _time span=1s, host, "Application_State.process", "Application_State.src_user", "Application_State.user"
| stats dedup_splitvals=t count AS "count(Process)" by _time, host, Application_State.process, Application_State.src_user, Application_State.user