We had PS create a report but, I can't seem to figure out what setting he set to show a time base chart without a time-based command.   He didn't use dashboard.   The graphic only shows on the report?  I want the ability to do similar type of visualization but, I can't figure what setting cause the visual output.

<row> <panel depends="$tok_tab_1$"> <table> <title>Alerts Fired</title> <search> <query> index=_audit action=alert_fired | rename ss_name AS Alert | stats latest(_time) AS "Event_Time" sparkline AS "Alerts Per Day" count AS "Times Fired" first(sid) AS sid by Alert | eval Event_Time=strftime(Event_Time,"%m/%d/%y %I:%M:%S %P") | rename Event_Time AS "Last Fired" | sort -"Times Fired" </query> <earliest>$time.earliest$</earliest> <latest>$time.latest$</latest> </search> <fields>Alert, "Last Fired", "Times Fired", "Alerts Per Day"</fields> <option name="count">10</option> <option name="dataOverlayMode">heatmap</option> <option name="drilldown">cell</option> <option name="rowNumbers">false</option> <option name="wrap">true</option> <drilldown> <set token="sid">$row.sid$</set> <unset token="tok_tab_1"></unset> <set token="tok_tab_2">active</set> <set token="tok_display_dd"></set> <set token="Alert">$row.Alert$</set> <link target="_blank">search?sid=$row.sid$</link> </drilldown> </table> </panel> </row> <row> <panel depends="$tok_tab_2$"> <table> <title>$Alert$</title> <search> <query>| search?sid=$sid$</query> <earliest>$earliest$</earliest> <latest>$latest$</latest> </search> <option name="drilldown">none</option> <option name="refresh.display">progressbar</option> </table> </panel> </row>     In the code above the below line works correctly opening a new search tab with the Alert search query. <link target="_blank">search?sid=$row.sid$</link> I would like to know how to have this same functionality, but within a token so I can keep it on the same page within another table.