Hi,
I'm having trouble viewing the results of my search query on a dashboard panel.
My dashboard panel reflects the value passed through the dropdown, instead of showing the result.
```xml
<form>
  <label>Builds Running in TeamCity and Jenkins</label>
  <description>Identify Jobs running in Team City and Jenkins that do not have authorization in MFT File</description>
  <search id="baseS">
    <query>
      <![CDATA[query]]>
    </query>
  </search>
  <fieldset submitButton="false">
    <input type="dropdown" token="tknhost" searchWhenChanged="true">
      <label>Select Host</label>
      <choice value="*">All</choice>
      <default>*</default>
      <initialValue>*</initialValue>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
      <search base="baseS">
        <query> fields * | stats count by host </query>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Test Panel</title>
      <single>
        <search base="baseS">
          <query>| search host=$tknhost|s$ | table host, vcsRoot, ORG, suspicious </query>
        </search>
        <option name="drilldown">none</option>
      </single>
    </panel>
  </row>
</form>
```
I expect my 'Test Panel' to show the result in a table of 4 columns; however, it just shows me the single value that is passed in $tknhost$.
I need a few insights as to why this could be happening.
I did some searching on the web, and I included most of the suggestions in my form, such as including `fields` in my search so that it is picked up in smart mode, which apparently is the default search mode for dashboards.
Also, I can see the result not being reflected in smart mode, but it gets reflected in verbose mode only. However, when I inspect my panel it gives me a message like:
This search has completed and has returned 445 results by scanning 778,734 events in 109.715 seconds
The following messages were returned by the search subsystem:
info : [subsearch]: Search auto-finalized after time limit (60 seconds) reached.
If it did return results, why were they not reflected on the dashboard panel? I feel very confused from all the troubleshooting and am unable to reach any conclusion. Any suggestions to achieve this objective are welcome.
PS: Or could it be that I have a poorly written base query?
Query:
```spl
(index=teamcity source="ORGINVENTORY") OR (index=jenkins source="ORGINVENTORY")
| rex field=_raw "(?ms)^(?:[^;\n]*;){6}(?P<ORGANIZATIONINVENTORY>[^;]+)" offset_field=_extracted_fields_bounds
| dedup ORGANIZATIONINVENTORY
| append [ search (index=* OR index=_) index=teamcity sourcetype="teamcity:vcs" jetbrains.buildServer.VCS
    | rex field=_raw "(?ms)^(?:[^\"\\n]\"){3}(?P<vcsRoot>[^\"]+)" offset_field=_extracted_fields_bounds
    | search vcsRoot=*git*
    | dedup vcsRoot
    | eval connectionType = case(like(vcsRoot, "git@%"),"ssh", like(vcsRoot, "http%"),"https")
    | eval customSSH=case(connectionType=="ssh",'vcsRoot') ,customHTTP=case(connectionType=="https",'vcsRoot')
    | makemv delim="/" customHTTP
    | makemv delim=":" customSSH
    | eval customSSH=mvindex(customSSH,1)
    | makemv delim="/" customSSH
    | eval ORG=case(connectionType=="https",mvindex(customHTTP,2),connectionType=="ssh",mvindex(customSSH,0))
    | dedup ORG
  ]
| eventstats values(ORGANIZATIONINVENTORY) as ORGANIZATIONINVENTORY
| search ORG=*
| eval suspicious = if(ORG=ORGANIZATIONINVENTORY, "No", "Yes")
| table ORG, ORGANIZATIONINVENTORY , suspicious
```
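Added example, not part of the original post: a Python re-implementation of the base search's ORG extraction and "suspicious" flag, so the makemv/mvindex chain can be checked outside Splunk before trusting the panel. The vcsRoot samples and the inventory set are constructed; the splitting drops empty segments to mirror makemv's default (allowempty=false), and the inventory comparison is done as set membership, which is the intent of the eventstats values() step.

```python
# Constructed sample vcsRoot values in the two forms the SPL handles
# (git@ SSH remotes and http(s) remotes), plus one non-git root.
SAMPLE_VCS_ROOTS = [
    "git@github.example.com:acme-org/payments-service.git",
    "https://github.example.com/acme-org/billing-ui.git",
    "https://github.example.com/unknown-org/side-project.git",
    "svn://svn.example.com/legacy/trunk",   # dropped by `search vcsRoot=*git*`
]

# Constructed ORGANIZATIONINVENTORY values (the orgs authorised in the MFT file).
INVENTORY = {"acme-org"}


def makemv(value, delim):
    """Mirror `makemv delim=... field` with the default allowempty=false."""
    return [part for part in value.split(delim) if part != ""]


def extract_org(vcs_root):
    """Mirror of the eval/makemv/mvindex chain for one vcsRoot.

    https: makemv "/" -> ["https:", host, ORG, repo]; ORG = mvindex(...,2)
    ssh:   makemv ":" -> ["git@host", "ORG/repo"]; mvindex(...,1) then
           makemv "/" -> ["ORG", "repo"]; ORG = mvindex(...,0)
    Returns None when connectionType matches neither case (SPL case() -> null).
    """
    if vcs_root.startswith("git@"):                       # like(vcsRoot, "git@%")
        custom_ssh = makemv(vcs_root, ":")[1]             # mvindex(customSSH,1)
        return makemv(custom_ssh, "/")[0]                 # mvindex(customSSH,0)
    if vcs_root.startswith("http"):                       # like(vcsRoot, "http%")
        return makemv(vcs_root, "/")[2]                   # mvindex(customHTTP,2)
    return None


def flag_suspicious(vcs_roots, inventory):
    """Return {ORG: "No"/"Yes"} like the final eval/table, one row per ORG."""
    rows = {}
    for root in vcs_roots:
        if "git" not in root:                             # search vcsRoot=*git*
            continue
        org = extract_org(root)
        if org is None:                                   # search ORG=* drops nulls
            continue
        rows[org] = "No" if org in inventory else "Yes"   # dedup ORG + eval suspicious
    return rows


if __name__ == "__main__":
    for org, flag in flag_suspicious(SAMPLE_VCS_ROOTS, INVENTORY).items():
        print(f"{org}\t{flag}")
```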
@rahulkawadkar26,
You are using a single value visualization. You should use a table to see all the fields 🙂
I feel stupid. 😞
You are right. In my defense, I started using Splunk just two weeks back.
I'm still trying to get to know its functionality better.
Thank you for getting back to me.
Btw, how did you know I was using a single value viz.?
@rahulkawadkar26, from your XML 😉