In the end I was successful by stopping Splunk, renaming the existing tsidx file, restarting Splunk, and then running the SA-NetworkProtection postprocess.conf Vuln TSIDX Generating Search for sa_vulns over the new large time frame (you will need to have some idea of how post-process works with saved searches). The results display nicely in the Network Vuln Dashboards.
[WARNING WARNING WARNING: there are other non-vmscanner events that are classified as vulnerabilities, which will be GONE once you rename the existing tsidx file]
For those treading down similar roads, the SA-NetworkProtection postprocess.conf Vuln TSIDX Generating Search only runs over a 15 min interval. Since my Vuln scanner script only runs once a day, I scheduled a daily sourcetype=myvmscanner Vuln TSIDX Generating Search that runs over the past 24 hours.