Got it!! thanks. I just overlooked

Question:
1) In the source query, I have used JOIN which is quite expensive? are there ways in Splunk where I can use a common field to join two source without using a JOIN statement without being expensive?

Give this a try

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR  (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |eval hashes = mvappend(md5,sha256)|append [|inputlookup asset_lookup] 
| stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as  Authorized/Unauthorized,values(fileName) as FileName,values(version) as Version, values(filePath) as FilePath values(hashes) as hashes by bigfix_computer_id search
|stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as  Authorized/Unauthorized,values(fileName) as FileName,values(version) as Version, values(filePath) as FilePath by hashes | chart count  over Computer_Names by Authorized/Unauthorized

I tried it and it did not pull up the results.

stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as  Authorized/Unauthorized,values(fileName) as FileName,values(version) as Version, values(filePath) as FilePath values(hashes) as hashes by bigfix_computer_id search

Why do you have search at end ?

The search keyword was there in your dashboard xml. If that was a type and only common field is bigfix_computer_id between your data and lookup, you can just do a simple lookup.

Try this now

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR  (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |eval hashes = mvappend(md5,sha256) | lookup asset_lookup bigfix_computer_id OUTPUT ....put list of fields that you need from lookup for better performance...  
 |stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as  Authorized/Unauthorized,values(fileName) as FileName,values(version) as Version, values(filePath) as FilePath by hashes | chart count  over Computer_Names by Authorized/Unauthorized

Source Dashboard

List of Authorized/Unauthorized Softwares
This dashboard describes list of Authorized/Unauthorized Softwares by Computer Names

<panel>
  <table>
    <search>
      <query>index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_deny=="*deny*") OR  (isnull(sha256_allow_or_deny) AND isnull(md5_allow_or_deny)),"Unauthorized","Authorized") |eval hashes = mvappend(md5,sha256)|join  bigfix_computer_id search [|inputlookup asset_lookup] |stats values(computer_name) as Computer_Names,values(Hashes_allow_or_deny) as  Authorized/Unauthorized,values(fileName) as FileName,values(version) as Version, values(filePath) as FilePath by hashes | chart count  over Computer_Names by Authorized/Unauthorized</query>
    </search>
    <drilldown>
      <link>list_of_filenames_by_hostname?form.computer_name=$row.Computer_Names$</link>
    </drilldown>
    <option name="wrap">true</option>
    <option name="rowNumbers">true</option>
    <option name="dataOverlayMode">none</option>
    <option name="drilldown">row</option>
    <option name="count">10</option>
  </table>
</panel>

Destination Dashboard

List of FileNames by HostName

<panel>
  <table>
    <search>
      <query>| inputlookup asset_lookup|search computer_name="$computer_name$" </query>
      <earliest>-30d@d</earliest>
      <latest>now</latest>
    </search>
  </table>
</panel>

Getting "Search is waiting for Input" not sure why?