ThreatHunting
Hardcoded Index in Dashboard Panel
Thank you for creating this super interesting app.
There's a hardcoded index=windows statement in the search of the Computer Investigator dashboard Logging Data distribution panel.
| tstats count WHERE index=windows AND (host=*) by _time host sourcetype span=15m | timechart span=15m sum(count) by sourcetype
Is that intentional or should it be the `windows` macro instead?
Good catch! Found an additional case and submitted PR #119 with a proposed solution.
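A lint check for the problem reported in this issue, as an added example that is not part of the original thread or the app's own code: it parses a Splunk Simple XML dashboard and reports every panel query that names an index literally instead of going through a macro. The sample dashboard is constructed around the query quoted above; the second panel, its title and its search are made up for contrast.

```python
import re
import xml.etree.ElementTree as ET

# Matches a literal index constraint such as index=windows or index="windows".
# A macro call (`windows`) or a dashboard token (index=$idx$) does not match.
HARDCODED_INDEX = re.compile(r'\bindex\s*=\s*"?([A-Za-z0-9_*][\w*-]*)"?', re.IGNORECASE)

# Constructed sample: only the first query comes from the issue text.
SAMPLE_DASHBOARD = """
<form>
  <label>Computer Investigator</label>
  <row>
    <panel>
      <title>Logging Data distribution</title>
      <chart><search>
        <query>| tstats count WHERE index=windows AND (host=*) by _time host sourcetype span=15m | timechart span=15m sum(count) by sourcetype</query>
      </search></chart>
    </panel>
    <panel>
      <title>Macro-based panel (hypothetical)</title>
      <table><search>
        <query>`windows` host=$host$ | stats count by sourcetype</query>
      </search></table>
    </panel>
  </row>
</form>
"""


def find_hardcoded_indexes(simple_xml):
    """Return (panel title, index name) for each literal index= in a panel query."""
    root = ET.fromstring(simple_xml)
    findings = []
    for panel in root.iter("panel"):
        title = panel.findtext("title", default="(untitled)")
        for query in panel.iter("query"):
            for match in HARDCODED_INDEX.finditer(query.text or ""):
                findings.append((title, match.group(1)))
    return findings


if __name__ == "__main__":
    for title, index_name in find_hardcoded_indexes(SAMPLE_DASHBOARD):
        print(f"{title}: hardcoded index={index_name}")
```

A panel that pins its own index keeps querying that index even when the deployment's macro points elsewhere, so it can render empty or partial data while the rest of the dashboard looks healthy.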