When I search this on its own it comes up with what I need but when I put it into the Dashboard it comes up with " Awaiting Data Input"

(index=windows_* OR index=win*) (sourcetype="wineventlog:security" OR source="wineventlog:security" OR sourcetype="xmlwineventlog:security" OR source="xmlwineventlog:security" OR sourcetype="wineventlog*" OR source="wineventlog*" OR sourcetype="xmlwineventlog*" OR source="xmlwineventlog*") signature_id IN (4720 4722 4725 4726 4738) Target_Account_Name!=*$ Subject_Account_Name!=*$
| eval signature=coalesce(signature, EventCode_Description)
| eval Computer_Name=coalesce(Computer_Name,ComputerName,Computer)
| eval New_Message=coalesce(Message,message,body,EventData_Xml)
| stats count earliest(_time) as earliest latest(_time) as latest values(Computer_Name) as src values(signature) as signature values(signature_id) as signature_id values(Logon_ID) as Logon_ID values(TaskCategory) as Task_Category values(Device_Name) as device by dest, Subject_Account_Name, Target_Account_Name, host
| convert timeformat="%m/%d/%Y %H:%M:%S" ctime(earliest)
| convert timeformat="%m/%d/%Y %H:%M:%S" ctime(latest)
| fields count earliest latest Target_Account_Name Subject_Account_Name signature signature_id dest host src Logon_ID Task_Category

Any  ideas?