hi

I have any results with a post search 

if i execute the inline search it works perfectly

Try to add _time field in your base search fields. Like this:

<search id="test">
    <query>index=tutu sourcetype="ica" $source$ $type$ $domain$ $site$ $ezconf$ | fields _time ica_latency_last_recorded ica_latency_session_avg idle_sec site host</query>
    <earliest>-7d@h</earliest>
    <latest>now</latest>
  </search>

whether I add _time or not I have now something very strange

I i run te dashboard wwith the base search now i have a value for the field "Latence moyenne (ms)" for yesterday and today only

But if i un the search inline I have results for all the last 7 days!!

How is it possible?

It sounds like a bug no? Or data lost?

Which version of splunk are you using?

Splunk Enterprise
Version :7.3.7.1

Build :d3f7cf7c5493

I cant cause RGPD but i confirm you that I have events

Presumably you have _time as one of the fields, even after the additional search?

no

her eis the inline search which works fine

index=tutu sourcetype="toto" $source$ $type$ $domain$ $site$ $ezconf$ 
| fields ica_latency_last_recorded ica_latency_session_avg idle_sec site host
|search idle_sec < 300 
| timechart span=1d avg(ica_latency_last_recorded) as "Latence moyenne (ms)" 
| eval "Latence moyenne (ms)"=round('Latence moyenne (ms)',0) 
| eventstats avg("Latence moyenne (ms)") as Moyenne 
| eval Moyenne=round(Moyenne,0)

I can't repeat any problems with 7.3.3 in this regards. The only thing I can think of is that ica_latency_session_avg is non-numeric.