Perfect!!!!!! Works how it used to. Thanks so much. Much appreciated.

I created the old dashboard with simple xml. After the upgrade all of my charts worked except a few on one dashboard. Below is one of the broken charts.

    <chart>
      <searchTemplate>
        sourcetype="search1" host=$desktop$ | timechart avg(retrans) as "TCP Retransmissions" | eventstats first("TCP Retransmissions") AS FBS | eval "TCP Retransmissions" = 'TCP Retransmissions' - FBS | fields "TCP Retransmissions"
      </searchTemplate>
      <title>TCP Retransmissions Totals</title>
      <option name="charting.axisTitleX.text">Date</option>
       <option name="charting.axisTitleY.text">TCP Retransmissions)</option>
      <option name="charting.chart">column</option>
      <option name="charting.primaryAxisTitle.text"/>
      <option name="count"><![CDATA[addinfo | eval diff = info_max_time - _time 
        | eval bucket = case(diff <= 86400, "1 day", 86400 < diff AND
        diff <= 172800, "2 days", 172800 < diff AND
        diff <= 604800, "1 week", 604800 < diff AND
        diff <= 1209600, "2 weeks", 1209600 < diff AND
        diff <= 2628000, "1 month") | chart count by bucket]]>
      </option>
      <option name="displayRowNumbers">true</option>
    </chart>

And this is a chart that works fine, but similar.

    <chart>
      <searchTemplate>sourcetype="search1" host=$desktop$ | timechart avg(internal_time) as "Ping Time"</searchTemplate>
      <title>Internal Ping Time</title>
      <option name="charting.axisTitleX.text">Date</option>
       <option name="charting.axisTitleY.text">Ping Time (ms)</option>
      <option name="charting.chart">column</option>
      <option name="charting.primaryAxisTitle.text"/>
      <option name="count"><![CDATA[addinfo | eval diff = info_max_time - _time 
        | eval bucket = case(diff <= 86400, "1 day", 86400 < diff AND
        diff <= 172800, "2 days", 172800 < diff AND
        diff <= 604800, "1 week", 604800 < diff AND
        diff <= 1209600, "2 weeks", 1209600 < diff AND
        diff <= 2628000, "1 month") | chart count by bucket]]>
      </option>
      <option name="displayRowNumbers">true</option>
    </chart>
    <chart>

Well I might have it working, but I'm not quite sure why. I tried this:

sourcetype="search1" host=host1 |  eventstats last(retrans) AS FBS | eval "TCP Retransmissions" = 'retrans' - FBS |timechart span=1m avg("TCP Retransmissions")

This seems to display the chart correctly, but I'm not sure why I have to move the timechart to the end. Any ideas? also does this search do the same thing as my original?

No it not. The original search was using timechart's output in eventstats, this takes from raw data, so results can be different.

Just saw something weird in your original query. In the last part, you're just selecting "TCP Retransmissions" fields. How would you chart without the _time field. How about you try this query

sourcetype="search1" host=$desktop$ | timechart avg(retrans) as "TCP Retransmissions" | eventstats first("TCP Retransmissions") AS FBS | eval "TCP Retransmissions" = 'TCP Retransmissions' - FBS | table _time "TCP Retransmissions"

That seems to work, but I'm missing the dates. I see the "Date" text at the bottom, I don't see the horizontal days listed on the charts like I see on my other charts. I do see the vertical numbers on the side of the chart ok.

Also I'm not sure how the old chart worked with version 5. Maybe they were more forgiving with my poor splunk searches.

Can you try swapping the search in these two panels? Just wanted to confirm if it's due to data returned by the searches. Also check if this is a typo

 <option name="charting.axisTitleY.text">TCP Retransmissions**)**</option>