I have this search:

host=app-dev-001 rehire OR terminating OR new_hire OR "changes supervisor" | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(_time) AS date | sort date | table date rehire term_user new_hire super_change

and I get results:

date    rehire  term_user   new_hire    super_change
4/9/20 17:31        okaalsnd        
4/9/20 17:31        nineanls        
4/9/20 17:31        mcahmcui        
4/9/20 17:31        ogrga       
4/9/20 17:31        arjsgasp        
4/9/20 17:31        cbldenia        
4/9/20 17:31        rekenid     
4/9/20 17:31        luchgoja        
4/9/20 17:31        uhsig       
4/9/20 17:31        huanecdc        
4/9/20 17:31    erni            
4/9/20 17:31            stlieez.    
4/9/20 17:31            tmaonlhe.   
4/9/20 17:31            joedbers.   
4/9/20 17:31            inbhdrre.   
4/9/20 17:31            grarcacm.   
4/9/20 17:31            2loj.   
4/9/20 17:31            vavmeass.   
4/9/20 17:31            wuelnjoo.   
4/9/20 17:31    mhabin          
4/9/20 17:31    cleadmra            
4/9/20 17:31    nenahna         
4/9/20 17:31    nbveteen            
4/9/20 17:31                (sonaliue) changes supervisor from enfkaoi/id=83802 to fakesuper/id=42
4/9/20 17:31                (adkcuohh) changes supervisor from mhanaesr/id=134685 to fakesuper/id=42
4/9/20 17:31                (kvganeng) changes supervisor from nbynae/id=88564 to fakesuper/id=42
4/9/20 17:31                (ccncecpo) changes supervisor from hkdywaav/id=68086 to fakesuper/id=42
4/9/20 17:31                (jefai) changes supervisor from gawzignh/id=1163 to fakesuper/id=42
4/9/20 17:31                (uralsa) changes supervisor from rjajaaay/id=527197 to fakesuper/id=42

But when I click on the visualization table I get an empty graph.