OK, so I've been working away on this one for a little while now and can't see what I've missed. I've created a base search, but it doesn't return any results. Rather, it reads "No search query provided", please refer following code sample:
<form>
<label>AV Dashboard</label>
<fieldset submitButton="false">
<input type="time" token="time_token">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
<input type="text" token="event_desc_token" searchWhenChanged="true">
<label>Event Description</label>
<default>*</default>
</input>
<input type="text" token="user_token" searchWhenChanged="true">
<label>User</label>
<default>*</default>
</input>
</fieldset>
<search id="baseSearch1">
<query>
index=sec_antivirus sourcetype="antivirus:symantec:ids" Event_Description="$event_desc_token$" user="$user_token$" | fields *
</query>
<earliest>$time_token.earliest$</earliest>
<latest>$time_token.latest$</latest>
</search>
<row>
<panel>
<title>All Events</title>
<single>
<option name="drilldown">none</option>
<option name="colorBy">value</option>
<option name="colorMode">none</option>
<option name="numberPrecision">0</option>
<option name="showSparkline">1</option>
<option name="showTrendIndicator">1</option>
<option name="trendColorInterpretation">standard</option>
<option name="trendDisplayMode">absolute</option>
<option name="useColors">0</option>
<option name="useThousandSeparators">1</option>
<option name="linkView">search</option>
<search base="baseSearch1">
<query>stats count</query>
</search>
</single>
</panel>
</row>
</form>
Please help.
many thanks,
P
