This kinda sucks. I don't think it has ever worked though. Just one more thing in splunk that doesn't work and isn't supported by them. So far splunk has been the biggest waste of money ever.
You might want to contact the developer of the app directly if you're not having any luck here in the Answers community. Their contact info is in the bottom right panel of the app's page http://apps.splunk.com/app/491/
I cant open an item directly (in the search) from the actual dashboard. no items display.
here is the code: | tstats sum(bytesreceived) AS sbr sum(bytessent) AS sbs FROM pan_traffic WHERE earliest=-60m latest=now groupby app | eval sumBytes = sbr + sbs | stats values(sumBytes) AS Bytes by app