Hi:

I am testing out the new dashboard options with Dashboard Studio, and I am a bit confused as to how a feature works.  I want to use a base search 'index=nginx source="/var/log/nginx/access.log"', I have that setup in DataSource.  I then want to chain that to multiple modifiers.  For this end, I added a Chain search '| stats count by status', linked to the Parent Search above, I also created another chain search '| search splunk*' for some testing.

If I create a dashboard panel graph (pie), and link it to the stats search, it says it can't find any data 'Search ran successfully, but no results were returned'.  If I click the magnifying glass from that, it returns results.

If I have a table panel, and use the splunk search chain search, it finds results.  If I have a chained search that uses '| search site=splunk*', despite that field existing, it finds no results, but the magnifying glass does.  Can auto extracted fields not be used in this manner?

The data in the source logs are all in the format <key>="value" for easy auto extraction of the fields.

Thank you for any assistance/information you can provide.