Hi,  My dashboard has a few text boxes and I'm trying to make the inputs as user friendly as possible. I came across multiple issues which I have solved with previous posts however, there is a conflict with the solutions that prevent me from implementing both at the same time.  #1 - If a text input is empty then that field should be ignored in the search. This can be fixed by adding a prefix and suffix  Ideally we can also input partial paths so there is also an implicit * character.  <input type="text" token="Get_Process_Path"> <label>Process Name or Path</label> <prefix>process_path="*</prefix> <suffix>*"</suffix> </input> https://community.splunk.com/t5/Dashboards-Visualizations/Evaluating-form-field-if-not-null/td-p/18164    #2 - Interpret back slash characters as text so we don't need to manually add \\ to every path. The |s filter for tokens fixed this.  process_path=$Get_Process_Path|s$ https://community.splunk.com/t5/Dashboards-Visualizations/How-do-you-escape-backslashes-in-user-input-and-then-use-that/m-p/142096    I can get both of these working on their own but not at the same time. Is there a way to do this or do I need a different approach?  Thanks. ... View more

https://docs.splunk.com/Documentation/ES/7.3.1/Admin/Listcorrelationsearches Hi, I'm using the searches mentioned in the documentation. There is a field named triggered_alert_count which gives me what I want but it returns the same number of alerts across all time ranges.    | rest splunk_server=local count=0 /services/saved/searches | rename eai:acl.app as app, title as csearch_name, action.correlationsearch.label as csearch_label, action.notable.param.security_domain as security_domain, triggered_alert_count as number_of_alerts | search app="SplunkEnterpriseSecuritySuite" | table number_of_alerts, csearch_label, app, security_domain, description   Ideally I would like to see the total number of alerts as far back as Splunk remembers. Thanks. ... View more