I want to run a search against a slow index, with a lot of data. I am not an admin, and can not engage acceleration. I am looking for the most efficient way of getting the panels to populate. I was thinking that would be to do a base search that included all that I was looking for, and then have the sub-searches pull what I was specifically looking for from the main search. For instance...

The main search might look like:

<dashboard>
  <label>Really Great Dashboard</label>
  <description>Woo Hoo!</description>
    <search id="base">
      <query>
        index=thatIndex  sourcetype="thatSubtype" (RandoFieldName=1 OR RandoFieldName=2 OR RandoFieldName=3)
      </query>
    </search>

I would use that as the starting point. Then the dashboards would have:

<search base="base">
  <query>
  | search RandoFieldName=1
  | stats  count by RandoFieldName=1
  | where count>10
  | stats dc(RandoFieldName=1)
  </query>
</search>

But, when I try to get that to work, I end up with the search gobbling up a large amount of disk space, or if I remove the "|search" from the query, I get either an error, or a zero.

I figure that I am close, but I don't know what I am doing wrong. I have tried to google for an answer for this, but I seem to be asking with terms that are not producing the results that I am looking for. Some are close-ish, but none are hitting the mark. If someone could point me in the right direction, it would be appreciated.