Moving along, in Splunk version 6.2, the simple XML <searchString>, <searchTemplate>, <searchName>, and <searchPostProcess> elements are replaced by the new <search> element.

The following is a (two panel) dashboard using the <search> tag and the stats command in version 6.2 to deal with post-processing limitations. First, the query (the search) is defined at the dashboard level (not within any panel). This is our base search (notice the search ID):

<dashboard> <label>Dashboard with post-process search</label> <!-- Base search cannot pass more than 10,000 events to post-process searches--> <!—This dashboard uses the stats transforming command --> <!-- This limits events passed to post-process search --> <search id="baseSearch"> ...