I have a base search ("BaseSearch-SyslogsBro") that is scheduled to run daily in the morning which is utilized within a dashboard.

index=bro source=/opt/bro/logs/current/syslog.log | fields severity, asa_session, asa_code, id.orig_h, id.resp_h, msg_

Within the dashboard, I have different panels. In particular, I have one where I am hoping to show a timechart count by the severity field.

<form>
  <label>Syslogs Bro</label>
  <search id="base_search" ref="BaseSearch-SyslogsBro">
    <earliest>$field1.earliest$</earliest>
    <latest>$field1.latest$</latest>
  </search>
  <fieldset submitButton="false">
    <input type="time" token="field1">
      <label></label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <title>Timechart</title>
        <search base="base_search">
          <query>| timechart count by severity</query>
        </search>
        <option name="charting.chart">area</option>
        <option name="refresh.display">progressbar</option>
      </chart>
    </panel>
  </row>
</form>

As mentioned before, the base search is scheduled to run daily, but also with Time Range of the last 24 hours. My problem is that currently, whenever I ran this dashboard, the timechart only displays results for the last 3-4 hours (Not the entire 24 hour frame).

Based on the code shown above and my base search, what am I doing wrong? Is there something wrong with my code/logic?

I appreciate any comments/guidance/hints.
Thanks,