I'm creating a dashboard that lets users input a comma delimited list of CVE's to search for.  I'm trying to display a table that shows the number of times each CVE was found.  I know how to display the number if the CVE was in the data but I'm struggling to find out how to display 0 for CVE's that aren't in the data.

I have a base query that uses tstats (since it runs against a data model) and I can run any additional SPL off the base query in the table panel.   The base query looks like this

<form>
  <label>Vulnerability Distribution</label>
  <init>
    <set token="tok_query">base</set>
  </init>
  <search>
    <query>| makeresults count=1 
| eval Vulnerabilities.cve=if("$cves$"=="*",null(),split($cves|s$,","))
| format
| eval search=if(search=="NOT ()","","AND ".search)
</query>
    <done>
      <set token="tok_query">$result.search$</set>
    </done>
  </search>
  <search id="base">
    <query>
      | tstats latest(Vulnerabilities.cve) as cves latest(Vulnerabilities.Vuln_Mgmt.vulnerability_name) as vulnerability_name max(Vulnerabilities.Vuln_Mgmt.age) as age
`vm_datamodel_default_filter` $tok_query$
by Vulnerabilities.Vuln_Mgmt.dest_ip,Vulnerabilities.Vuln_Mgmt.vulnerability_id
| rename Vulnerabilities.Vuln_Mgmt.* as *
</query>

the vm_datamodel_default_filter macro just has our normal filters (i.e. WHERE severity > 3 AND status=open...)

The panel query that shows the count for CVE's it found looks like this:

<panel>
  <title>Vulnerability Distribution</title>
  <table>
    <search base="base">
      <query>| stats latest(cves) as cves dc(dest_ip) as vulnerable_assets by vulnerability_id</query>
    </search>
  </table>
</panel>

I just can't figure out how to get the table to include 0 for CVE's not found.

Any help would be greatly appreciated