diff --git a/README.md b/README.md
index fdae63b1..23ff9768 100755
--- a/README.md
+++ b/README.md
@@ -10,9 +10,9 @@ Networks Firewall
 
 #### Version ####
 
-* Splunk Version: 5.x
-* App Version: 3.4
-* Last Modified: Sept 2013
+* Splunk Version: 6.x
+* App Version: 4.0
+* Last Modified: Oct 2013
 * Authors:
     * Monzy Merza - Splunk, Inc.
     * Brian Torres-Gil - Palo Alto Networks
@@ -25,33 +25,28 @@ Many Thanks to Contributors, Advisors, Testers:
 * David Hazekamp, Mike Munn, Adam Sealey
 * David Markquardt, Gerald Kannapathy
 * Will Hayes, Marc Benoit, Jeff Hillon
-* Genti Zaimi
+* Genti Zaimi, Scott Brenner, Steve Brown
 
 #### Support ####
 
-For fastest response to support, setup, help or feedback, please post to
-http://answers.splunk.com and tag your questions with `paloalto`.
+For fastest response to support, setup, help or feedback,
+please click the __Ask a Question__ button at http://apps.splunk.com/app/491
 
 For bugs or feature requests, you can also open an issue on github at 
 https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks/issues
 
 ## IMPORTANT ##
 
-This app ONLY works on Splunk 5.x
+This app ONLY works on Splunk 6.x
 
-## Dependencies ##
-
-This app depends on the following Splunk Apps available from Splunk Base http://splunk-base.splunk.com/apps/ :
+For Splunk 5.x, use version 3.x of this app.
 
-- [Splunk for use with AMMAP Flash maps] (http://splunk-base.splunk.com/apps/22372/splunk-for-use-with-ammap-flash-maps)
-- [Google Maps] (http://splunk-base.splunk.com/apps/22365/google-maps)
-- [Geo Location Lookup Script] (http://splunk-base.splunk.com/apps/22282/geo-location-lookup-script-powered-by-maxmind)
+## Dependencies ##
 
-You do not need to install these apps if you do not wish to use the mapping and geo location features. The main dashboard will not render properly without the above apps.
+No dependencies
 
 ## Installing ##
 
-- Ensure that the apps listed in the Dependencies section are installed.
 - Unpack the tar ball into `$SPLUNK_HOME/etc/apps`
 - Restart Splunk
 
@@ -109,6 +104,7 @@ Log can be further filtered by type during search by using predefined macros.  T
 - pan_traffic
 - pan_threat
 - pan_url
+- pan_file
 - pan_data
 - pan_wildfire
 - pan_wildfire_report
@@ -141,7 +137,7 @@ If you have any questions, or require any assistance with configuration please c
 
 ### High Performance Value Store (HPVS) ###
 
-The app uses the HPVS feature introduced in Splunk 5.0. This feature provides a tremendous performance improvement for dashboards and views. The views and dashboards make use of saved searches that store data on your search head. This means that disk storage on your search head will be consumed as a result of these searches. If you turn off these saved searches, your dashboards will not render. Or dashboard rendering will be really, really slow. Please post a question to answers.splunk.com if you'd like to explore alternatives. 
+The app uses the HPVS feature introduced in Splunk 5.0 and 6.0. This feature provides a tremendous performance improvement for dashboards and views. The views and dashboards make use of saved searches that store data on your search head. This means that disk storage on your search head will be consumed as a result of these searches. If you turn off these saved searches, your dashboards will not render. Or dashboard rendering will be really, really slow. Please post a question to answers.splunk.com if you'd like to explore alternatives. 
 
 ### Lookups ###
 
@@ -153,16 +149,23 @@ All the dashboards work without any filtering values for the form fields. If you
 
 Keep in mind that searches that have longer time ranges may take a little longer to return the results. 
 
-## What's new in this version ##
+### Modifying dashboards ###
 
-Version 3.4
+Dashboards are built with SimpleXML, so they can be modified using the Splunk GUI.  To do this, click the __Edit__ menu in the top right of the dashboard and select __Edit Panels__.  You can drag panels to new positions, change the visualization (pie, column, area, etc), and modify the searches.  If you modify a dashboard and want to recover the original dashboard, delete the modified dashboard file in `$SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/data/ui/views` and restart Splunk.
 
-- NetFlow support using NetFlow Integrator, a 3rd party program from NetFlow Logic
-    - New set of dashboards, charts and graphs centered around NetFlow records from Palo Alto Networks devices
-    - App-ID and User-ID information is available in NetFlow records
+## What's new in this version ##
 
-Download a 30-day free trial of NetFlow Integrator at https://www.netflowlogic.com/downloads  
-Steps to configure NetFlow are available in the **NetFlow** section above.
+Version 4.0
+
+- Splunk 6 support
+- Dashboards converted to Splunk 6 SimpleXML, meaning dashboards can now:
+    - Print
+    - Export as pdf
+    - Produce scheduled reports
+    - Use pre-populated dropdowns in filters
+    - Change using SplunkWeb by editing the panels
+- Maps converted to Splunk 6 built-in maps (removes dependencies on other apps)
+- Updated navbar including icons and colors
 
 ## Installing from Git ##
 
diff --git a/appserver/controllers/nfi_nav_handler.py b/appserver/controllers/nfi_nav_handler.py
index f6eed4ed..7b28f737 100644
--- a/appserver/controllers/nfi_nav_handler.py
+++ b/appserver/controllers/nfi_nav_handler.py
@@ -6,11 +6,14 @@
 APP = 'SplunkforPaloAltoNetworks'
 ENABLED_NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml.nfi_enabled')
 DISABLED_NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml.nfi_disabled')
-NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'default', 'data', 'ui', 'nav', 'default.xml')
+NAV_DIR = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'local', 'data', 'ui', 'nav')
+NAV = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP, 'local', 'data', 'ui', 'nav', 'default.xml')
 
 class NAVHANDLER(controllers.BaseController):
     @expose_page(must_login=True, methods=['GET'])
     def enable(self, **kwargs):
+        if not os.path.exists(NAV_DIR):
+            os.makedirs(NAV_DIR)
         try:
             shutil.copy(ENABLED_NAV, NAV)
         except:
@@ -18,6 +21,8 @@ def enable(self, **kwargs):
         return 'Enabled!'
     @expose_page(must_login=True, methods=['GET'])
     def disable(self, **kwargs):
+        if not os.path.exists(NAV_DIR):
+            os.makedirs(NAV_DIR)
         try:
             shutil.copy(DISABLED_NAV, NAV)
         except:
diff --git a/appserver/static/SplunkPoweredOrig.png b/appserver/static/SplunkPoweredOrig.png
deleted file mode 100755
index 5fd45ca9..00000000
Binary files a/appserver/static/SplunkPoweredOrig.png and /dev/null differ
diff --git a/appserver/static/ammap.html b/appserver/static/ammap.html
deleted file mode 100755
index e22fc6f5..00000000
--- a/appserver/static/ammap.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
-  <script type="text/javascript" src="/static/app/amMap/ammap/swfobject.js"></script>
-	<div id="flashcontent">
-		<strong>If you see this message you most likley need to adjust your HTML file in this view or you are trying to view the HTML directly instead of in a Splunk view module.</strong>
-	</div>
-
-	<script type="text/javascript">
-		// <![CDATA[		
-		var so = new SWFObject("/static/app/amMap/ammap/ammap.swf", "ammap", "100%", "400", "8", "#FFFFFF");
-		so.addVariable("path", "/static/app/amMap/ammap/");
-		so.addVariable("settings_file", escape("/static/app/amMap/ammap/ammap_settings.xml"));                  // you can set two or more different settings files here (separated by commas)
-		so.addVariable("data_file", escape("/static/app/amMap/xml_out/home_threat_data.xml"));		
-		so.write("flashcontent");
-so.addParam('wmode', 'transparent');
-		// ]]>
-	</script>
-
-
-
diff --git a/appserver/static/ammap/MBCC-South_Convention_Center-Level2-v1.5.jpg b/appserver/static/ammap/MBCC-South_Convention_Center-Level2-v1.5.jpg
deleted file mode 100755
index de031f35..00000000
Binary files a/appserver/static/ammap/MBCC-South_Convention_Center-Level2-v1.5.jpg and /dev/null differ
diff --git a/appserver/static/ammap/MBCC-South_Convention_Center-Level3-v1.31.jpg b/appserver/static/ammap/MBCC-South_Convention_Center-Level3-v1.31.jpg
deleted file mode 100755
index 787ff8db..00000000
Binary files a/appserver/static/ammap/MBCC-South_Convention_Center-Level3-v1.31.jpg and /dev/null differ
diff --git a/appserver/static/ammap/ammap.swf b/appserver/static/ammap/ammap.swf
deleted file mode 100755
index cb291f89..00000000
Binary files a/appserver/static/ammap/ammap.swf and /dev/null differ
diff --git a/appserver/static/ammap/ammap_settings.xml b/appserver/static/ammap/ammap_settings.xml
deleted file mode 100755
index ca8d4430..00000000
--- a/appserver/static/ammap/ammap_settings.xml
+++ /dev/null
@@ -1,252 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Value between [] brackets, for example [#FFFFFF] shows default value which is used if this parameter is not set  -->
-<!-- This means, that if you are happy with this value, you can delete this line at all and reduce file size          -->
-<!-- value or explanation between () brackets shows the range or type of values you should use for this parameter     -->
-<!-- x, y, widths and heights can be set in pixels or in percents                                                     -->
-
-<settings>
-  <developer_mode></developer_mode>                           <!-- [false] (true / false) If set to true, developer information is displayed. You can also copy developer information to clipboard through right click menu -->
-  <projection>mercator</projection>                           <!-- [xy] (mercator, xy) Projection of your map. If you do not care about actual longitudes and latitudes I recommend to use xy projection. The default world map uses Mercator projection. -->  
-  <width></width>                                             <!-- [] (Number) if empty, will be equal to width of your flash movie -->
-  <height></height>                                           <!-- [] (Number) if empty, will be equal to height of your flash movie -->
-  <font>Tahoma</font>                                         <!-- [Tahoma] (font name) use device fonts, such as Tahoma, Times New Roman, Tahoma, Verdana... -->
-  <text_size>11</text_size>                                   <!-- [11] (Number) text size of all texts. Every text size can be set individually in the settings below -->
-  <text_color></text_color>                                   <!-- [#000000] (hex color code) main text color. Every text color can be set individually in the settings below-->
-  <decimals_separator></decimals_separator>                   <!-- [,] (string) decimal separator. Note, that this is for displaying data only. Decimals in data xml file must be separated with a dot -->
-  <thousands_separator></thousands_separator>                 <!-- [ ] (string) thousand separator -->
-  <redraw></redraw>                                           <!-- [false] (true / false) if redraw is set to true, the map will be resized then screen size changes -->
-  <precision></precision>                                     <!-- [2] (Number) shows how many numbers should be shown after comma for calculated values (percents) -->
-  <reload_data_interval>10</reload_data_interval>               <!-- [0] (Number) how often data should be reloaded (time in seconds) -->
-  <preloader_on_reload></preloader_on_reload>                 <!-- [false] (true / false) Whether to show preloaded when data or settings are reloaded -->
-  <add_time_stamp>true</add_time_stamp>                           <!-- [false] (true / false) if true, a unique number will be added every time flash loads data. This will help to avoid data cashing -->
-  <color_change_time_start>0</color_change_time_start>         <!-- [2] (Number) How fast areas should change color after map is loaded -->
-  <color_change_time_hover></color_change_time_hover>         <!-- [0.2] (Number) How fast areas and movies should change color on roll out -->
-  <fit_to_screen></fit_to_screen>                             <!-- [true] (true / false) whether to resize map or not to fit it on screen -->
-  <drag_map></drag_map>                                       <!-- [true] (true / false) whether map is dragable or not -->
-  <always_hand></always_hand>                                 <!-- [false] (true / false) if set to true, mouse cursor will always be hand but only if drag_map=true -->
-  <mask></mask>                                               <!-- [true] (true / false) this is important if you use print or printAsBitmap JavaScript function and want only visible part of a map to be printed. Also, if you load the map into another swf movie. -->
-  <js_enabled></js_enabled>                                   <!-- [true] (true / false) In case you don't use any flash - JavaScript communication, you can set this setting to false - this will save some CPU and will disable the security warning message which appears when opening the chart from hard drive. -->
-  <force_smoothing></force_smoothing>                         <!-- [false] (true / false) If you use bitmap images as your maps, then you can set this to "true" - the quality of the image will be better (might slow the zooming) -->
-  <layers></layers>																						<!-- [movies,labels,lines] Use this setting to change the sequence of layers. The left-most layer will be behind all the other layers. Please note that objects with x/y coordinates will still be placed on top of objects with long/lat coordinates. -->
-      
-  <background>                                                <!-- background -->
-    <color></color>                                           <!-- [#444444] (hex color code) -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) use 0 if you are using custom swf or jpg for background -->
-    <border_color></border_color>                             <!-- [#000000] (hex color code) -->
-    <border_alpha></border_alpha>                             <!-- [0] (0 - 100) -->
-    <file></file>                                             <!-- [] (filename) swf or jpg file of a background. This file must be located in path/ folder (set in html file) -->                                                              
-    <stretch></stretch>                                       <!-- [false] (true / false) should we stretch background over the whole width/heigh? -->
-    <overlay_file></overlay_file>                             <!-- [] (filename) swf or jpg file to use as an overlay for the map. This file must be located in path/ folder (set in html file) -->
-    <overlay_stretch></overlay_stretch>                       <!-- [false] (true / false) should we stretch overlay over the whole width/heigh? -->
-  </background>
-  
-  <zoom>                                                      <!-- zoom control -->
-    <enabled>1</enabled>                                  <!-- [true] (true / false) whether to display zoom control or not -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag zoom bar when dragging "home" icon -->
-    <mouse_wheel_enabled></mouse_wheel_enabled>               <!-- [true] (true / false) whether to enable zooming with mouse wheel. Mouse wheel work only after user clicks somewhere on a flash. To workaround this issue, you have to add: onLoad="ammap.focus()" to your html <body> -->    
-    <arrows_enabled>false</arrows_enabled>                    <!-- [true] (true / false) whether to display navigation arrows or not -->
-    <home_link_enabled></home_link_enabled>                   <!-- [true] (true / false) whether to display home link or not (home link is only displayed if arrows are enabled) -->    
-    <step_size></step_size>                                   <!-- [10] (Number) when moving map with navigation arrows, the map moves by step_size% of flash width or height -->
-    <color></color>                                           <!-- [#990000] (hex color code) background color of "+", "-", scroller buttons and navigation arrows -->
-    <color_hover></color_hover>                               <!-- [#CC0000] (hex color code) -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) alpha of zoom control buttons -->
-    <outline_color>#527BA9</outline_color>                           <!-- [#FFFFFF] -->
-    <outline_alpha></outline_alpha>                           <!-- [100] (0 - 100) -->
-    <x></x>                                                   <!-- [15] (Number or Number%) x position of zoom control --> 
-    <y></y>                                                   <!-- [15] (Number or Number%) y position of zoom control -->
-    <height></height>                                         <!-- [200] (Number or Number%) zoom control height -->
-    <min></min>                                               <!-- [] (Number%) minimum zoom. if left empty, the minimum value will be calculated automaticaly (to fit all the map to the stage) -->
-    <max></max>                                               <!-- [2000%] (Number%) maximum zoom -->
-    <grid_every></grid_every>                                 <!-- [100%] (Number%) zoom tool grid will will be displayed every "grid_every" value and the dragger height will be equal to the distance between two grids -->
-    <time></time>                                             <!-- [1] time of zoom in seconds -->
-    <effect></effect>                                         <!-- [easeout] (easeout / easein) zoom motion effect -->
-    <rotate></rotate>                                         <!-- [false] (true / false) whether to rotate zoom control by 90 degrees or not. If set to true, zoom control becomes horizontal -->
-    <background_zooms_to_top></background_zooms_to_top>       <!-- [false] (true / false) If this is set to true, clicking on background would be the same as clicking on "home" button -->
-    <zoom_on_click></zoom_on_click>                           <!-- [false] (true / false) If this is set to true, the map will be centered and zoomed in to the place you click. The background_zooms_to_top will be set to false automatically if you set this to true. -->
-    <grid_click_enabled></grid_click_enabled>                 <!-- [true] (true / false) by default clicking on zoom control grid will move slider to that position. Set this setting to "false" to disable this behavior. -->    
-  </zoom>
-  
-  <small_map>                                                 <!-- small map -->
-    <enabled>false</enabled>                                  <!-- [true] (true / false) whether to display small map or not -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag small map when dragging border of small map -->
-    <active></active>                                         <!-- [true] (true / false) whether clicking on a small map will result position change of big map -->    
-    <x></x>                                                   <!-- [] (Number or Number%) x position of small map. If not defined, will be aligned to right side --> 
-    <y></y>                                                   <!-- [] (Number or Number%) y position of small map. If not defined, will be aligned to bottom -->
-    <width></width>                                           <!-- [25%] (Number or Number%) width of small map (height is calculated automatically) -->
-    <color></color>                                           <!-- [] (hex color code) leave empty if you want to keep original map color -->    
-    <border_width></border_width>                             <!-- [5] (Number) -->
-    <border_color></border_color>                             <!-- [#FFFFFF] (hex color code) -->
-    <rectangle_color></rectangle_color>                       <!-- [#FFFFFF] (hex color code) color of rectangle, indicating active area on a small map -->
-    <collapse_button_color></collapse_button_color>           <!-- [#000000] (hex color code) colapse button arrow color (background color is the same as small map border color) -->
-    <collapse_button_position></collapse_button_position>     <!-- [BR] (BR / BL / TR / TL) BR - bottom right, BL - bottom left TR - top right TL - top left -->
-  </small_map>
-  
-  <navigation_path>                                           <!-- navigation path -->
-    <enabled>false</enabled>                                  <!-- [false] (true / false) whether to display navigation path or not -->
-    <x></x>                                                   <!-- [70] (Number or Number%) x position of path --> 
-    <y></y>                                                   <!-- [30] (Number or Number%) y position of path -->
-    <color></color>                                           <!-- [#000000] (hex color code) path background color -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) path background alpha --> 
-    <padding></padding>                                       <!-- [0] (Number) horizontal padding of path buttons -->
-    <text_color></text_color>                                 <!-- [#FFFFFF] (hex color code) -->
-    <text_color_hover></text_color_hover>                     <!-- [#CC0000] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <separator></separator>                                   <!-- [] symbol which separates path entries -->
-    <home_text></home_text>                                   <!-- [] (text) Home text -->
-  </navigation_path>
-  
-  
-  <area>                                                      <!-- areas are movie clips which are already in map swf file, usualy countries. areas should be listed in data file -->                                                              
-    <balloon_text>                                                    
-      <![CDATA[{value} people live in {title}]]>              <!-- [] ({title} {value} {percents} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text>
-    <active_only_if_value_set>true</active_only_if_value_set> <!-- [false] (true / false) if set to true, areas (countries) without defined value in data file will not display balloon and will not change color on roll over -->
-    <color_solid></color_solid>                               <!-- [#990000] (hex color code) color of area with highest value-->
-    <color_light>#003333</color_light>                               <!-- [#FFCC00] (hex color code) color of areas with value = 0 or value is not set -->
-    <color_hover>#FFFFFF</color_hover>                        <!-- [] (hex color code) -->
-    <color_selected></color_selected>                         <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_unlisted>#003333</color_unlisted>                  <!-- [] (hex color code) The color of the areas which are in the map file, but not listed in the data file. If you don't set any color here, the area will keep it's original color. Setting a color allows keeping data file smaller. -->
-    <disable_when_clicked>true</disable_when_clicked>         <!-- [false] (true / false) if this area is currently selected, roll over and click events of this area will be disabled if this set to true -->    
-  </area>
-  
-  <movie>                                                     <!-- movies are swf, jpg, gif or png files which you load on top of a map or on stage. You should define your movies in data file -->
-    <balloon_text>                                            
-      <![CDATA[{title}]]>                                     <!-- [] ({title} {value} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text> 
-    <active_only_if_value_set></active_only_if_value_set>     <!-- [false] (true / false) if set to true, movies without defined value in data file will not display balloon and will not change color on roll over -->
-    <disable_when_clicked>true</disable_when_clicked>         <!-- [false] (true / false) if this area is currently selected, roll over and click events of this area will be disabled if this set to true -->
-    <color></color>                                           <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_hover></color_hover>                               <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_selected></color_selected>                         <!-- [] (hex color code) If not specified, original area color will be used -->    
-  </movie>
-  
-  <label>                                                     <!-- labels are texts which you set in data file. labels can be bounded to a map or placed on stage -->
-    <balloon_text>                                            
-      <![CDATA[]]>                                            <!-- [] ({title} {value} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text>
-    <bg_margins_horizontal></bg_margins_horizontal>           <!-- [10] if your labels have background, then this parameter sets horizontal margins of background box -->
-    <bg_margins_vertical></bg_margins_vertical>               <!-- [10] if your labels have background, then this parameter sets vertical margins of background box -->    
-  </label>
-
-  <line>                                                      <!-- you can bound lines to a map or draw them on the stage. LInes are defined in data file -->
-    <color></color>                                           <!-- [#990000] (hex color code) default line color -->                                                                
-    <alpha></alpha>                                           <!-- [100] (Number) default line alpha -->      
-    <width></width>                                           <!-- [0] (Number) default line width  -->
-    <dashed></dashed>                                         <!-- [false] (true / false) dashed lines are recommended only for stage lines, not for lines inside a map -->
-    <arrow></arrow>                                           <!-- [] (end / start / middle / both) arrow position --> 
-    <arrow_size></arrow_size>                                 <!-- [8] (Number) arrow size --> 
-    <arrow_color></arrow_color>                               <!-- [] (line.color) default arrow color. If empty, is the same as line color -->
-    <arrow_alpha></arrow_alpha>                               <!-- [100] (0 - 100) arrow alpha -->
-    <curved></curved>                                         <!-- [false] (true / false) If this is set to true, the lines will be "smoothed". The lines will be smoothed only if they have at least 3 points. You can set curved="true" or curved="false" for individual line in the data file -->
-  </line>
-  
-  <legend>                                                    <!-- LEGEND -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <x></x>                                                   <!-- [20] (Number / Number% / !Number)  -->
-    <y></y>                                                   <!-- [!55] (Number / Number% / !Number)  -->
-    <width></width>                                           <!-- [] (Number / Number%) -->
-    <max_columns></max_columns>                               <!-- [] (Number) the maximum number of columns in the legend -->    
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) -->
-    <alpha></alpha>                                           <!-- [50] (0 - 100) background opacity -->
-    <border_color></border_color>                             <!-- [#000000] (hex color code) border color -->
-    <border_alpha></border_alpha>                             <!-- [30] (0 - 100) border alpha -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->   
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <spacing></spacing>                                       <!-- [10] (Number) vertical and horizontal gap between legend entries -->
-    <margins></margins>                                       <!-- [10] (Number) legend margins (space between legend border and legend entries, recommended to use only if legend border is visible or background color is different from chart area background color) -->
-    <key>                                                     <!-- KEY (the color box near every legend entry) -->
-      <size></size>                                           <!-- [16] (Number) key size-->
-      <border_color></border_color>                           <!-- [] (hex color code) leave empty if you don't want to have border -->
-    </key>    
-    <entries>                                                 <!-- legend entries go gere-->
-      <!-- <entry color="#3366CC">Some title</entry>  -->     <!-- You can have any number of legend entries, uncomment this line and copy as many times as you need -->
-    </entries>
-  </legend>
-  
-  <object_list>                                               <!-- OBJECT LIST -->
-    <enabled></enabled>                                       <!-- [false] (true / false) -->
-    <type></type>                                             <!-- [dropdown] (dropdown / listbox) -->
-    <levels></levels>                                         <!-- [3] (Number) How many levels of objects should be included in the list. You can exclude individual objects from a list by setting object_list="false" in the object's settings in data file. -->
-    <include_areas></include_areas>                           <!-- [true] (true / false) whether areas must be included in a list -->
-    <include_movies></include_movies>                         <!-- [true] (true / false) whether movies must be included in a list -->
-    <include_labels></include_labels>                         <!-- [true] (true / false) whether labels must be included in a list -->
-    <x></x>                                                   <!-- [!200] (Number / Number% / !Number) -->
-    <y></y>                                                   <!-- [0] (Number / Number% / !Number)-->
-    <width></width>                                           <!-- [200] (Number / Number%) -->
-    <height></height>                                         <!-- [100%] (Number / Number%) -->    
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) Background color-->
-    <color_hover></color_hover>                               <!-- [#DADADA] (hex color code) background color of a list item when mouse is over it -->
-    <color_selected></color_selected>                         <!-- [#000000] (hex color code) background color of a selected list item -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) background opacity -->
-    <border_color></border_color>                             <!-- [#DADADA] (hex color code) -->
-    <border_alpha></border_alpha>                             <!-- [100] (0 - 100) border opacity -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <text_color_hover></text_color_hover>                     <!-- [#000000] (hex color code) -->
-    <text_color_selected></text_color_selected>               <!-- [#FFFFFF] (hex color code) -->   
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <scroller_color></scroller_color>                         <!-- [#990000] (hex color code) -->
-    <scroller_bg_color></scroller_bg_color>                   <!-- [#DADADA] (hex color code) -->
-    <home_text></home_text>                                   <!-- [Home] (text) Set "none" if you don't want the home text at all -->
-  </object_list>  
-
-  
-  <text_box>                                                  <!-- text box is displayed when user clicks on an object and the object contains description. You can disable text box for individual objects in data file -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag text box -->
-    <selectable></selectable>                                 <!-- [true] (true / false) whether it is possible to select the text in text box or not -->
-    <show_on_hover></show_on_hover>                           <!-- [false] (true / false) text box can be showed on roll over too - set this parameter to "true" -->
-    <hide_on_roll_out></hide_on_roll_out>                     <!-- [false] (true / false) if text box is showed on roll over, it can be hidden on roll out -->    
-    <x></x>                                                   <!-- [60%] (Number or Number%) x position of text box. You can set individual x position for every object in data file -->
-    <y></y>                                                   <!-- [20%] (Number or Number%) y position of text box. You can set individual y position for every object in data file -->
-    <width></width>                                           <!-- [35%] (Number or Number%) text box width. You can set individual width for every movie or area -->
-    <height></height>                                         <!-- [40%] (Number or Number%) text box height. You can set individual height for every movie or area -->
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) background color -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) background alpha -->
-    <shadow_color></shadow_color>                             <!-- [#000000] (hex color code) shadow color -->
-    <shadow_alpha></shadow_alpha>                             <!-- [50] (0 - 100) shadow alpha -->
-    <shadow_blur></shadow_blur>                               <!-- [5] (Number) shadow bluriness -->
-    <shadow_distance></shadow_distance>                       <!-- [5] (Number) shadow distance -->
-    <corner_radius>7</corner_radius>                           <!-- [0] (Number) corner radius -->
-    <border_width></border_width>                             <!-- [0] (Number) border width -->
-    <border_color></border_color>                             <!-- [#DADADA] (hec color code) border color -->
-    <border_alpha></border_alpha>                             <!-- [100] (Number) border alpha -->
-    <margin_width></margin_width>                             <!-- [10] (Number) margin width -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <close_button_color></close_button_color>                 <!-- [#000000] (hex color code) -->
-    <close_button_color_hover></close_button_color_hover>     <!-- [#CC0000] (hex color code) -->
-    <scroller_color></scroller_color>                         <!-- [#990000] -->
-    <scroller_bg_color></scroller_bg_color>                   <!-- [#DADADA] -->
-  </text_box>
-  
-  <balloon>                                                   <!-- balloon is shown when user roll overs the objects -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <max_width></max_width>                                   <!-- [30%] (Number or Number%) -->                                  
-    <color>#FFFFFF</color>                                    <!-- [#880000] (hex color code) balloon background color -->
-    <alpha>70</alpha>                                         <!-- [100] (0 - 100) -->
-    <text_color>#000000</text_color>                          <!-- [0xFFFFFF] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <border_color>#CC0000</border_color>                      <!-- [balloon.color] (hex color code) -->
-    <border_alpha>90</border_alpha>                          <!-- [balloon.alpha] (0 - 100) -->
-    <border_width>2</border_width>                            <!-- [0] (Number) -->
-    <corner_radius>5</corner_radius>                          <!-- [0] (Number) -->
-    <arrow></arrow>                                           <!-- [vertical] (vertical / horizontal) balloon's arrow position -->
-  </balloon>
-
-  <export_as_image>                                           <!-- export_as_image feature works only on a web server -->
-    <file></file>                                             <!-- [] (filename) if you set filename here, context menu (then user right clicks on flash movie) "Export as image" will appear. This will allow user to export map as an image. Collected image data will be posted to this file name (use ammap/export.php or ammap/export.aspx) -->
-    <target></target>                                         <!-- [] (_blank, _top ...) target of a window in which export file must be called -->
-    <x></x>                                                   <!-- [0] (Number) x position of "Collecting data" text -->
-    <y></y>                                                   <!-- [] (Number) y position of "Collecting data" text. If not set, will be aligned to the bottom of flash movie -->
-    <color></color>                                           <!-- [#BBBB00] (hex color code) background color of "Collecting data" text -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) background alpha -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-  </export_as_image>  
-    
-  <strings>                                                
-    <loading_map></loading_map>                               <!-- [Loading map] (text) -->
-    <export_as_image></export_as_image>                       <!-- [Export as image] (text) text for right click menu -->
-    <collecting_data></collecting_data>                       <!-- [Collecting data] (text) this text is displayed while exporting map to an image -->    
-  </strings>
-</settings>
diff --git a/appserver/static/ammap/export.aspx b/appserver/static/ammap/export.aspx
deleted file mode 100755
index b4b5f42f..00000000
--- a/appserver/static/ammap/export.aspx
+++ /dev/null
@@ -1 +0,0 @@
-<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="export.aspx.cs" Inherits="_export" %>
\ No newline at end of file
diff --git a/appserver/static/ammap/export.aspx.cs b/appserver/static/ammap/export.aspx.cs
deleted file mode 100755
index d3ff1e66..00000000
--- a/appserver/static/ammap/export.aspx.cs
+++ /dev/null
@@ -1,73 +0,0 @@
-using System;
-using System.Web;
-using System.Drawing;
-using System.Drawing.Imaging;
-
-public partial class _export : System.Web.UI.Page 
-{
-    protected void Page_Load(object sender, EventArgs e)
-    {
-        if (Request.Form["width"] != null && Request.Form["width"] != String.Empty)
-        {
-            // image dimensions
-            int width = Int32.Parse((Request.Form["width"].IndexOf('.') != -1) ? Request.Form["width"].Substring(0, Request.Form["width"].IndexOf('.')) : Request.Form["width"]);
-            int height = Int32.Parse((Request.Form["height"].IndexOf('.') != -1) ? Request.Form["height"].Substring(0, Request.Form["height"].IndexOf('.')) : Request.Form["height"]);
-
-            // image
-            Bitmap result = new Bitmap(width, height);
-
-            // set pixel colors
-            for (int y = 0; y < height; y++)
-            {
-                // column counter for the row
-                int x = 0;
-                // get current row data
-                string[] row = Request.Form["r" + y].Split(new char[] { ',' });
-                // set pixels in the row
-                for (int c = 0; c < row.Length; c++)
-                {
-                    // get pixel color and repeat count
-                    string[] pixel = row[c].Split(new char[] { ':' });
-                    Color current_color = ColorTranslator.FromHtml("#" + pixel[0]);
-                    int repeat = pixel.Length > 1 ? Int32.Parse(pixel[1]) : 1;
-
-                    // set pixel(s)
-                    for (int l = 0; l < repeat; l++)
-                    {
-                        result.SetPixel(x, y, current_color);
-                        x++;
-                    }
-                }
-            }
-
-            // output image
-
-            // image type
-            Response.ContentType = "image/jpeg";
-            Response.AddHeader("Content-Disposition", "attachment; filename=\"ammap.jpg\"");
-
-            // find image encoder for selected type
-            ImageCodecInfo[] encoders;
-            ImageCodecInfo img_encoder = null;
-            encoders = ImageCodecInfo.GetImageEncoders();
-            foreach (ImageCodecInfo codec in encoders)
-                if (codec.MimeType == Response.ContentType)
-                {
-                    img_encoder = codec;
-                    break;
-                }
-
-            // image parameters
-            EncoderParameter jpeg_quality = new EncoderParameter(Encoder.Quality, 100L); // for jpeg images only
-            EncoderParameters enc_params = new EncoderParameters(1);
-            enc_params.Param[0] = jpeg_quality;
-
-            result.Save(Response.OutputStream, img_encoder, enc_params);
-        }
-        else
-        {
-            // invalid post
-            Response.Write("Invalid post");
-        }
-    }
-}
diff --git a/appserver/static/ammap/export.php b/appserver/static/ammap/export.php
deleted file mode 100755
index 11fb610f..00000000
--- a/appserver/static/ammap/export.php
+++ /dev/null
@@ -1,69 +0,0 @@
-<?php
-// ammap.com export to image utility
-// set image type (gif/png/jpeg)
-$imgtype = 'jpeg';
-
-// set image quality (from 0 to 100, not applicable to gif)
-$imgquality = 100;
-
-// get data from $_POST or $_GET ?
-$data = &$_POST;
-
-// get image dimensions
-$width  = (int) $data['width'];
-$height = (int) $data['height'];
-
-// create image object
-$img = imagecreatetruecolor($width, $height);
-
-// populate image with pixels
-for ($y = 0; $y < $height; $y++) {
-  // innitialize
-  $x = 0;
-  
-  // get row data
-  $row = explode(',', $data['r'.$y]);
-  
-  // place row pixels
-  $cnt = sizeof($row);
-  for ($r = 0; $r < $cnt; $r++) {
-    // get pixel(s) data
-    $pixel = explode(':', $row[$r]);
-    
-    // get color
-    $pixel[0] = str_pad($pixel[0], 6, '0', STR_PAD_LEFT);
-    $cr = hexdec(substr($pixel[0], 0, 2));
-    $cg = hexdec(substr($pixel[0], 2, 2));
-    $cb = hexdec(substr($pixel[0], 4, 2));
-    
-    // allocate color
-    $color = imagecolorallocate($img, $cr, $cg, $cb);
-    
-    // place repeating pixels
-    $repeat = isset($pixel[1]) ? (int) $pixel[1] : 1;
-    for ($c = 0; $c < $repeat; $c++) {
-      // place pixel
-      imagesetpixel($img, $x, $y, $color);
-      
-      // iterate column
-      $x++;
-    }
-  }
-}
-
-// set proper content type
-header('Content-type: image/'.$imgtype);
-header('Content-Disposition: attachment; filename="map.'.$imgtype.'"');
-
-// stream image
-$function = 'image'.$imgtype;
-if ($imgtype == 'gif') {
-  $function($img);
-}
-else {
-  $function($img, null, $imgquality);
-}
-
-// destroy
-imagedestroy($img);
-?>
diff --git a/appserver/static/ammap/icons/anchor.swf b/appserver/static/ammap/icons/anchor.swf
deleted file mode 100755
index 4b9ca546..00000000
Binary files a/appserver/static/ammap/icons/anchor.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/arrow.swf b/appserver/static/ammap/icons/arrow.swf
deleted file mode 100755
index 6f98295f..00000000
Binary files a/appserver/static/ammap/icons/arrow.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/bed.swf b/appserver/static/ammap/icons/bed.swf
deleted file mode 100755
index cad352dd..00000000
Binary files a/appserver/static/ammap/icons/bed.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/bike.swf b/appserver/static/ammap/icons/bike.swf
deleted file mode 100755
index 166e84a4..00000000
Binary files a/appserver/static/ammap/icons/bike.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/bubble.swf b/appserver/static/ammap/icons/bubble.swf
deleted file mode 100755
index 61d013fa..00000000
Binary files a/appserver/static/ammap/icons/bubble.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/bus.swf b/appserver/static/ammap/icons/bus.swf
deleted file mode 100755
index 96061448..00000000
Binary files a/appserver/static/ammap/icons/bus.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/camera.swf b/appserver/static/ammap/icons/camera.swf
deleted file mode 100755
index 6fd64ea8..00000000
Binary files a/appserver/static/ammap/icons/camera.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/car.swf b/appserver/static/ammap/icons/car.swf
deleted file mode 100755
index 8750fea8..00000000
Binary files a/appserver/static/ammap/icons/car.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/castle.swf b/appserver/static/ammap/icons/castle.swf
deleted file mode 100755
index 3d2fefe5..00000000
Binary files a/appserver/static/ammap/icons/castle.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/coffee.swf b/appserver/static/ammap/icons/coffee.swf
deleted file mode 100755
index 62ab8a5d..00000000
Binary files a/appserver/static/ammap/icons/coffee.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/cross.swf b/appserver/static/ammap/icons/cross.swf
deleted file mode 100755
index 1ef5cc38..00000000
Binary files a/appserver/static/ammap/icons/cross.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/dollar.swf b/appserver/static/ammap/icons/dollar.swf
deleted file mode 100755
index ffdd7114..00000000
Binary files a/appserver/static/ammap/icons/dollar.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/end.swf b/appserver/static/ammap/icons/end.swf
deleted file mode 100755
index adbf3b72..00000000
Binary files a/appserver/static/ammap/icons/end.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/flag.swf b/appserver/static/ammap/icons/flag.swf
deleted file mode 100755
index 495645fa..00000000
Binary files a/appserver/static/ammap/icons/flag.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/hiker.swf b/appserver/static/ammap/icons/hiker.swf
deleted file mode 100755
index 762e1614..00000000
Binary files a/appserver/static/ammap/icons/hiker.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/hospital.swf b/appserver/static/ammap/icons/hospital.swf
deleted file mode 100755
index 71db9831..00000000
Binary files a/appserver/static/ammap/icons/hospital.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/info.swf b/appserver/static/ammap/icons/info.swf
deleted file mode 100755
index ca26867f..00000000
Binary files a/appserver/static/ammap/icons/info.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/interest.swf b/appserver/static/ammap/icons/interest.swf
deleted file mode 100755
index 909fa780..00000000
Binary files a/appserver/static/ammap/icons/interest.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/mountains.swf b/appserver/static/ammap/icons/mountains.swf
deleted file mode 100755
index 3f622390..00000000
Binary files a/appserver/static/ammap/icons/mountains.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/museum.swf b/appserver/static/ammap/icons/museum.swf
deleted file mode 100755
index 96f800a5..00000000
Binary files a/appserver/static/ammap/icons/museum.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/palm.swf b/appserver/static/ammap/icons/palm.swf
deleted file mode 100755
index 5e7dcf84..00000000
Binary files a/appserver/static/ammap/icons/palm.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/phone.swf b/appserver/static/ammap/icons/phone.swf
deleted file mode 100755
index 1767e5d7..00000000
Binary files a/appserver/static/ammap/icons/phone.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/pin.swf b/appserver/static/ammap/icons/pin.swf
deleted file mode 100755
index 0ec1156b..00000000
Binary files a/appserver/static/ammap/icons/pin.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/plane.swf b/appserver/static/ammap/icons/plane.swf
deleted file mode 100755
index 1408a911..00000000
Binary files a/appserver/static/ammap/icons/plane.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/rest.swf b/appserver/static/ammap/icons/rest.swf
deleted file mode 100755
index 35daa22a..00000000
Binary files a/appserver/static/ammap/icons/rest.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/restaurant.swf b/appserver/static/ammap/icons/restaurant.swf
deleted file mode 100755
index be8efc02..00000000
Binary files a/appserver/static/ammap/icons/restaurant.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/skier.swf b/appserver/static/ammap/icons/skier.swf
deleted file mode 100755
index d224cfb9..00000000
Binary files a/appserver/static/ammap/icons/skier.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/skyscraper.swf b/appserver/static/ammap/icons/skyscraper.swf
deleted file mode 100755
index 9866c0ec..00000000
Binary files a/appserver/static/ammap/icons/skyscraper.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/start.swf b/appserver/static/ammap/icons/start.swf
deleted file mode 100755
index 63be41a8..00000000
Binary files a/appserver/static/ammap/icons/start.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/sun.swf b/appserver/static/ammap/icons/sun.swf
deleted file mode 100755
index d59cdcd3..00000000
Binary files a/appserver/static/ammap/icons/sun.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/tent.swf b/appserver/static/ammap/icons/tent.swf
deleted file mode 100755
index aab51441..00000000
Binary files a/appserver/static/ammap/icons/tent.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/train.swf b/appserver/static/ammap/icons/train.swf
deleted file mode 100755
index 0e807c25..00000000
Binary files a/appserver/static/ammap/icons/train.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/water.swf b/appserver/static/ammap/icons/water.swf
deleted file mode 100755
index f8d60b73..00000000
Binary files a/appserver/static/ammap/icons/water.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/wc.swf b/appserver/static/ammap/icons/wc.swf
deleted file mode 100755
index 043a7e7b..00000000
Binary files a/appserver/static/ammap/icons/wc.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/yacht.swf b/appserver/static/ammap/icons/yacht.swf
deleted file mode 100755
index 05275752..00000000
Binary files a/appserver/static/ammap/icons/yacht.swf and /dev/null differ
diff --git a/appserver/static/ammap/icons/zoom_out.swf b/appserver/static/ammap/icons/zoom_out.swf
deleted file mode 100755
index 6a8ce0d1..00000000
Binary files a/appserver/static/ammap/icons/zoom_out.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/australia.swf b/appserver/static/ammap/maps/australia.swf
deleted file mode 100755
index a74df7c4..00000000
Binary files a/appserver/static/ammap/maps/australia.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/austria.swf b/appserver/static/ammap/maps/austria.swf
deleted file mode 100755
index 97edfcec..00000000
Binary files a/appserver/static/ammap/maps/austria.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/belgium.swf b/appserver/static/ammap/maps/belgium.swf
deleted file mode 100755
index 60d1c39d..00000000
Binary files a/appserver/static/ammap/maps/belgium.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/canada.swf b/appserver/static/ammap/maps/canada.swf
deleted file mode 100755
index 3214451f..00000000
Binary files a/appserver/static/ammap/maps/canada.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/china.swf b/appserver/static/ammap/maps/china.swf
deleted file mode 100755
index 73b70edc..00000000
Binary files a/appserver/static/ammap/maps/china.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/continents.swf b/appserver/static/ammap/maps/continents.swf
deleted file mode 100755
index 2e9a6dc0..00000000
Binary files a/appserver/static/ammap/maps/continents.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/denmark.swf b/appserver/static/ammap/maps/denmark.swf
deleted file mode 100755
index 25b6cc9e..00000000
Binary files a/appserver/static/ammap/maps/denmark.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/france.swf b/appserver/static/ammap/maps/france.swf
deleted file mode 100755
index ee901a34..00000000
Binary files a/appserver/static/ammap/maps/france.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/germany.swf b/appserver/static/ammap/maps/germany.swf
deleted file mode 100755
index 7b784b92..00000000
Binary files a/appserver/static/ammap/maps/germany.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/italy.swf b/appserver/static/ammap/maps/italy.swf
deleted file mode 100755
index b8b760f1..00000000
Binary files a/appserver/static/ammap/maps/italy.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/japan.swf b/appserver/static/ammap/maps/japan.swf
deleted file mode 100755
index 24ce5282..00000000
Binary files a/appserver/static/ammap/maps/japan.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/mexico.swf b/appserver/static/ammap/maps/mexico.swf
deleted file mode 100755
index 2a1ee681..00000000
Binary files a/appserver/static/ammap/maps/mexico.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/new_zealand.swf b/appserver/static/ammap/maps/new_zealand.swf
deleted file mode 100755
index bdfef67d..00000000
Binary files a/appserver/static/ammap/maps/new_zealand.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/nicaragua.swf b/appserver/static/ammap/maps/nicaragua.swf
deleted file mode 100755
index 9c901da0..00000000
Binary files a/appserver/static/ammap/maps/nicaragua.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/northamerica.swf b/appserver/static/ammap/maps/northamerica.swf
deleted file mode 100755
index c8dd9a12..00000000
Binary files a/appserver/static/ammap/maps/northamerica.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/russia.swf b/appserver/static/ammap/maps/russia.swf
deleted file mode 100755
index 9c05a3b1..00000000
Binary files a/appserver/static/ammap/maps/russia.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/spain.swf b/appserver/static/ammap/maps/spain.swf
deleted file mode 100755
index 5dd51a58..00000000
Binary files a/appserver/static/ammap/maps/spain.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/switzerland.swf b/appserver/static/ammap/maps/switzerland.swf
deleted file mode 100755
index 98af9969..00000000
Binary files a/appserver/static/ammap/maps/switzerland.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/united_kingdom.swf b/appserver/static/ammap/maps/united_kingdom.swf
deleted file mode 100755
index c3b298f6..00000000
Binary files a/appserver/static/ammap/maps/united_kingdom.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/united_kingdom_regions.swf b/appserver/static/ammap/maps/united_kingdom_regions.swf
deleted file mode 100755
index e3ba76f4..00000000
Binary files a/appserver/static/ammap/maps/united_kingdom_regions.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/usa.swf b/appserver/static/ammap/maps/usa.swf
deleted file mode 100755
index 1a36d28f..00000000
Binary files a/appserver/static/ammap/maps/usa.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/usa_mercator.swf b/appserver/static/ammap/maps/usa_mercator.swf
deleted file mode 100755
index 19388803..00000000
Binary files a/appserver/static/ammap/maps/usa_mercator.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/venezuela.swf b/appserver/static/ammap/maps/venezuela.swf
deleted file mode 100755
index 41158dbd..00000000
Binary files a/appserver/static/ammap/maps/venezuela.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/world.swf b/appserver/static/ammap/maps/world.swf
deleted file mode 100755
index 474ae6bb..00000000
Binary files a/appserver/static/ammap/maps/world.swf and /dev/null differ
diff --git a/appserver/static/ammap/maps/world_with_antarctica.swf b/appserver/static/ammap/maps/world_with_antarctica.swf
deleted file mode 100755
index ebe6409b..00000000
Binary files a/appserver/static/ammap/maps/world_with_antarctica.swf and /dev/null differ
diff --git a/appserver/static/ammap/realtime_ammap_settings.xml b/appserver/static/ammap/realtime_ammap_settings.xml
deleted file mode 100755
index 2c948de7..00000000
--- a/appserver/static/ammap/realtime_ammap_settings.xml
+++ /dev/null
@@ -1,252 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Value between [] brackets, for example [#FFFFFF] shows default value which is used if this parameter is not set  -->
-<!-- This means, that if you are happy with this value, you can delete this line at all and reduce file size          -->
-<!-- value or explanation between () brackets shows the range or type of values you should use for this parameter     -->
-<!-- x, y, widths and heights can be set in pixels or in percents                                                     -->
-
-<settings>
-  <developer_mode></developer_mode>                           <!-- [false] (true / false) If set to true, developer information is displayed. You can also copy developer information to clipboard through right click menu -->
-  <projection>mercator</projection>                           <!-- [xy] (mercator, xy) Projection of your map. If you do not care about actual longitudes and latitudes I recommend to use xy projection. The default world map uses Mercator projection. -->  
-  <width></width>                                             <!-- [] (Number) if empty, will be equal to width of your flash movie -->
-  <height></height>                                           <!-- [] (Number) if empty, will be equal to height of your flash movie -->
-  <font>Tahoma</font>                                         <!-- [Tahoma] (font name) use device fonts, such as Tahoma, Times New Roman, Tahoma, Verdana... -->
-  <text_size>11</text_size>                                   <!-- [11] (Number) text size of all texts. Every text size can be set individually in the settings below -->
-  <text_color></text_color>                                   <!-- [#000000] (hex color code) main text color. Every text color can be set individually in the settings below-->
-  <decimals_separator></decimals_separator>                   <!-- [,] (string) decimal separator. Note, that this is for displaying data only. Decimals in data xml file must be separated with a dot -->
-  <thousands_separator></thousands_separator>                 <!-- [ ] (string) thousand separator -->
-  <redraw></redraw>                                           <!-- [false] (true / false) if redraw is set to true, the map will be resized then screen size changes -->
-  <precision></precision>                                     <!-- [2] (Number) shows how many numbers should be shown after comma for calculated values (percents) -->
-  <reload_data_interval>2</reload_data_interval>               <!-- [0] (Number) how often data should be reloaded (time in seconds) -->
-  <preloader_on_reload></preloader_on_reload>                 <!-- [false] (true / false) Whether to show preloaded when data or settings are reloaded -->
-  <add_time_stamp>true</add_time_stamp>                           <!-- [false] (true / false) if true, a unique number will be added every time flash loads data. This will help to avoid data cashing -->
-  <color_change_time_start>0</color_change_time_start>         <!-- [2] (Number) How fast areas should change color after map is loaded -->
-  <color_change_time_hover></color_change_time_hover>         <!-- [0.2] (Number) How fast areas and movies should change color on roll out -->
-  <fit_to_screen></fit_to_screen>                             <!-- [true] (true / false) whether to resize map or not to fit it on screen -->
-  <drag_map></drag_map>                                       <!-- [true] (true / false) whether map is dragable or not -->
-  <always_hand></always_hand>                                 <!-- [false] (true / false) if set to true, mouse cursor will always be hand but only if drag_map=true -->
-  <mask></mask>                                               <!-- [true] (true / false) this is important if you use print or printAsBitmap JavaScript function and want only visible part of a map to be printed. Also, if you load the map into another swf movie. -->
-  <js_enabled></js_enabled>                                   <!-- [true] (true / false) In case you don't use any flash - JavaScript communication, you can set this setting to false - this will save some CPU and will disable the security warning message which appears when opening the chart from hard drive. -->
-  <force_smoothing></force_smoothing>                         <!-- [false] (true / false) If you use bitmap images as your maps, then you can set this to "true" - the quality of the image will be better (might slow the zooming) -->
-  <layers></layers>																						<!-- [movies,labels,lines] Use this setting to change the sequence of layers. The left-most layer will be behind all the other layers. Please note that objects with x/y coordinates will still be placed on top of objects with long/lat coordinates. -->
-      
-  <background>                                                <!-- background -->
-    <color></color>                                           <!-- [#444444] (hex color code) -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) use 0 if you are using custom swf or jpg for background -->
-    <border_color></border_color>                             <!-- [#000000] (hex color code) -->
-    <border_alpha></border_alpha>                             <!-- [0] (0 - 100) -->
-    <file></file>                                             <!-- [] (filename) swf or jpg file of a background. This file must be located in path/ folder (set in html file) -->                                                              
-    <stretch></stretch>                                       <!-- [false] (true / false) should we stretch background over the whole width/heigh? -->
-    <overlay_file></overlay_file>                             <!-- [] (filename) swf or jpg file to use as an overlay for the map. This file must be located in path/ folder (set in html file) -->
-    <overlay_stretch></overlay_stretch>                       <!-- [false] (true / false) should we stretch overlay over the whole width/heigh? -->
-  </background>
-  
-  <zoom>                                                      <!-- zoom control -->
-    <enabled>1</enabled>                                  <!-- [true] (true / false) whether to display zoom control or not -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag zoom bar when dragging "home" icon -->
-    <mouse_wheel_enabled></mouse_wheel_enabled>               <!-- [true] (true / false) whether to enable zooming with mouse wheel. Mouse wheel work only after user clicks somewhere on a flash. To workaround this issue, you have to add: onLoad="ammap.focus()" to your html <body> -->    
-    <arrows_enabled>false</arrows_enabled>                    <!-- [true] (true / false) whether to display navigation arrows or not -->
-    <home_link_enabled></home_link_enabled>                   <!-- [true] (true / false) whether to display home link or not (home link is only displayed if arrows are enabled) -->    
-    <step_size></step_size>                                   <!-- [10] (Number) when moving map with navigation arrows, the map moves by step_size% of flash width or height -->
-    <color></color>                                           <!-- [#990000] (hex color code) background color of "+", "-", scroller buttons and navigation arrows -->
-    <color_hover></color_hover>                               <!-- [#CC0000] (hex color code) -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) alpha of zoom control buttons -->
-    <outline_color>#527BA9</outline_color>                           <!-- [#FFFFFF] -->
-    <outline_alpha></outline_alpha>                           <!-- [100] (0 - 100) -->
-    <x></x>                                                   <!-- [15] (Number or Number%) x position of zoom control --> 
-    <y></y>                                                   <!-- [15] (Number or Number%) y position of zoom control -->
-    <height></height>                                         <!-- [200] (Number or Number%) zoom control height -->
-    <min></min>                                               <!-- [] (Number%) minimum zoom. if left empty, the minimum value will be calculated automaticaly (to fit all the map to the stage) -->
-    <max></max>                                               <!-- [2000%] (Number%) maximum zoom -->
-    <grid_every></grid_every>                                 <!-- [100%] (Number%) zoom tool grid will will be displayed every "grid_every" value and the dragger height will be equal to the distance between two grids -->
-    <time></time>                                             <!-- [1] time of zoom in seconds -->
-    <effect></effect>                                         <!-- [easeout] (easeout / easein) zoom motion effect -->
-    <rotate></rotate>                                         <!-- [false] (true / false) whether to rotate zoom control by 90 degrees or not. If set to true, zoom control becomes horizontal -->
-    <background_zooms_to_top></background_zooms_to_top>       <!-- [false] (true / false) If this is set to true, clicking on background would be the same as clicking on "home" button -->
-    <zoom_on_click></zoom_on_click>                           <!-- [false] (true / false) If this is set to true, the map will be centered and zoomed in to the place you click. The background_zooms_to_top will be set to false automatically if you set this to true. -->
-    <grid_click_enabled></grid_click_enabled>                 <!-- [true] (true / false) by default clicking on zoom control grid will move slider to that position. Set this setting to "false" to disable this behavior. -->    
-  </zoom>
-  
-  <small_map>                                                 <!-- small map -->
-    <enabled>false</enabled>                                  <!-- [true] (true / false) whether to display small map or not -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag small map when dragging border of small map -->
-    <active></active>                                         <!-- [true] (true / false) whether clicking on a small map will result position change of big map -->    
-    <x></x>                                                   <!-- [] (Number or Number%) x position of small map. If not defined, will be aligned to right side --> 
-    <y></y>                                                   <!-- [] (Number or Number%) y position of small map. If not defined, will be aligned to bottom -->
-    <width></width>                                           <!-- [25%] (Number or Number%) width of small map (height is calculated automatically) -->
-    <color>#000033</color>                                           <!-- [] (hex color code) leave empty if you want to keep original map color -->    
-    <border_width></border_width>                             <!-- [5] (Number) -->
-    <border_color></border_color>                             <!-- [#FFFFFF] (hex color code) -->
-    <rectangle_color></rectangle_color>                       <!-- [#FFFFFF] (hex color code) color of rectangle, indicating active area on a small map -->
-    <collapse_button_color></collapse_button_color>           <!-- [#000000] (hex color code) colapse button arrow color (background color is the same as small map border color) -->
-    <collapse_button_position></collapse_button_position>     <!-- [BR] (BR / BL / TR / TL) BR - bottom right, BL - bottom left TR - top right TL - top left -->
-  </small_map>
-  
-  <navigation_path>                                           <!-- navigation path -->
-    <enabled>false</enabled>                                  <!-- [false] (true / false) whether to display navigation path or not -->
-    <x></x>                                                   <!-- [70] (Number or Number%) x position of path --> 
-    <y></y>                                                   <!-- [30] (Number or Number%) y position of path -->
-    <color></color>                                           <!-- [#000000] (hex color code) path background color -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) path background alpha --> 
-    <padding></padding>                                       <!-- [0] (Number) horizontal padding of path buttons -->
-    <text_color></text_color>                                 <!-- [#FFFFFF] (hex color code) -->
-    <text_color_hover></text_color_hover>                     <!-- [#CC0000] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <separator></separator>                                   <!-- [] symbol which separates path entries -->
-    <home_text></home_text>                                   <!-- [] (text) Home text -->
-  </navigation_path>
-  
-  
-  <area>                                                      <!-- areas are movie clips which are already in map swf file, usualy countries. areas should be listed in data file -->                                                              
-    <balloon_text>                                                    
-      <![CDATA[{value} people live in {title}]]>              <!-- [] ({title} {value} {percents} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text>
-    <active_only_if_value_set>true</active_only_if_value_set> <!-- [false] (true / false) if set to true, areas (countries) without defined value in data file will not display balloon and will not change color on roll over -->
-    <color_solid></color_solid>                               <!-- [#990000] (hex color code) color of area with highest value-->
-    <color_light>#000066</color_light>                               <!-- [#FFCC00] (hex color code) color of areas with value = 0 or value is not set -->
-    <color_hover>#FFFFFF</color_hover>                        <!-- [] (hex color code) -->
-    <color_selected></color_selected>                         <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_unlisted>#004f82</color_unlisted>                  <!-- [] (hex color code) The color of the areas which are in the map file, but not listed in the data file. If you don't set any color here, the area will keep it's original color. Setting a color allows keeping data file smaller. -->
-    <disable_when_clicked>true</disable_when_clicked>         <!-- [false] (true / false) if this area is currently selected, roll over and click events of this area will be disabled if this set to true -->    
-  </area>
-  
-  <movie>                                                     <!-- movies are swf, jpg, gif or png files which you load on top of a map or on stage. You should define your movies in data file -->
-    <balloon_text>                                            
-      <![CDATA[{title}]]>                                     <!-- [] ({title} {value} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text> 
-    <active_only_if_value_set>true</active_only_if_value_set>     <!-- [false] (true / false) if set to true, movies without defined value in data file will not display balloon and will not change color on roll over -->
-    <disable_when_clicked>true</disable_when_clicked>         <!-- [false] (true / false) if this area is currently selected, roll over and click events of this area will be disabled if this set to true -->
-    <color></color>                                           <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_hover></color_hover>                               <!-- [] (hex color code) If not specified, original area color will be used -->
-    <color_selected></color_selected>                         <!-- [] (hex color code) If not specified, original area color will be used -->    
-  </movie>
-  
-  <label>                                                     <!-- labels are texts which you set in data file. labels can be bounded to a map or placed on stage -->
-    <balloon_text>                                            
-      <![CDATA[]]>                                            <!-- [] ({title} {value} {description}) You can add your own HTML formated text (only some of html tags are supported) -->
-    </balloon_text>
-    <bg_margins_horizontal></bg_margins_horizontal>           <!-- [10] if your labels have background, then this parameter sets horizontal margins of background box -->
-    <bg_margins_vertical></bg_margins_vertical>               <!-- [10] if your labels have background, then this parameter sets vertical margins of background box -->    
-  </label>
-
-  <line>                                                      <!-- you can bound lines to a map or draw them on the stage. LInes are defined in data file -->
-    <color></color>                                           <!-- [#990000] (hex color code) default line color -->                                                                
-    <alpha></alpha>                                           <!-- [100] (Number) default line alpha -->      
-    <width></width>                                           <!-- [0] (Number) default line width  -->
-    <dashed></dashed>                                         <!-- [false] (true / false) dashed lines are recommended only for stage lines, not for lines inside a map -->
-    <arrow></arrow>                                           <!-- [] (end / start / middle / both) arrow position --> 
-    <arrow_size></arrow_size>                                 <!-- [8] (Number) arrow size --> 
-    <arrow_color></arrow_color>                               <!-- [] (line.color) default arrow color. If empty, is the same as line color -->
-    <arrow_alpha></arrow_alpha>                               <!-- [100] (0 - 100) arrow alpha -->
-    <curved></curved>                                         <!-- [false] (true / false) If this is set to true, the lines will be "smoothed". The lines will be smoothed only if they have at least 3 points. You can set curved="true" or curved="false" for individual line in the data file -->
-  </line>
-  
-  <legend>                                                    <!-- LEGEND -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <x></x>                                                   <!-- [20] (Number / Number% / !Number)  -->
-    <y></y>                                                   <!-- [!55] (Number / Number% / !Number)  -->
-    <width></width>                                           <!-- [] (Number / Number%) -->
-    <max_columns></max_columns>                               <!-- [] (Number) the maximum number of columns in the legend -->    
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) -->
-    <alpha></alpha>                                           <!-- [50] (0 - 100) background opacity -->
-    <border_color></border_color>                             <!-- [#000000] (hex color code) border color -->
-    <border_alpha></border_alpha>                             <!-- [30] (0 - 100) border alpha -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->   
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <spacing></spacing>                                       <!-- [10] (Number) vertical and horizontal gap between legend entries -->
-    <margins></margins>                                       <!-- [10] (Number) legend margins (space between legend border and legend entries, recommended to use only if legend border is visible or background color is different from chart area background color) -->
-    <key>                                                     <!-- KEY (the color box near every legend entry) -->
-      <size></size>                                           <!-- [16] (Number) key size-->
-      <border_color></border_color>                           <!-- [] (hex color code) leave empty if you don't want to have border -->
-    </key>    
-    <entries>                                                 <!-- legend entries go gere-->
-      <!-- <entry color="#3366CC">Some title</entry>  -->     <!-- You can have any number of legend entries, uncomment this line and copy as many times as you need -->
-    </entries>
-  </legend>
-  
-  <object_list>                                               <!-- OBJECT LIST -->
-    <enabled></enabled>                                       <!-- [false] (true / false) -->
-    <type></type>                                             <!-- [dropdown] (dropdown / listbox) -->
-    <levels></levels>                                         <!-- [3] (Number) How many levels of objects should be included in the list. You can exclude individual objects from a list by setting object_list="false" in the object's settings in data file. -->
-    <include_areas></include_areas>                           <!-- [true] (true / false) whether areas must be included in a list -->
-    <include_movies></include_movies>                         <!-- [true] (true / false) whether movies must be included in a list -->
-    <include_labels></include_labels>                         <!-- [true] (true / false) whether labels must be included in a list -->
-    <x></x>                                                   <!-- [!200] (Number / Number% / !Number) -->
-    <y></y>                                                   <!-- [0] (Number / Number% / !Number)-->
-    <width></width>                                           <!-- [200] (Number / Number%) -->
-    <height></height>                                         <!-- [100%] (Number / Number%) -->    
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) Background color-->
-    <color_hover></color_hover>                               <!-- [#DADADA] (hex color code) background color of a list item when mouse is over it -->
-    <color_selected></color_selected>                         <!-- [#000000] (hex color code) background color of a selected list item -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) background opacity -->
-    <border_color></border_color>                             <!-- [#DADADA] (hex color code) -->
-    <border_alpha></border_alpha>                             <!-- [100] (0 - 100) border opacity -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <text_color_hover></text_color_hover>                     <!-- [#000000] (hex color code) -->
-    <text_color_selected></text_color_selected>               <!-- [#FFFFFF] (hex color code) -->   
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <scroller_color></scroller_color>                         <!-- [#990000] (hex color code) -->
-    <scroller_bg_color></scroller_bg_color>                   <!-- [#DADADA] (hex color code) -->
-    <home_text></home_text>                                   <!-- [Home] (text) Set "none" if you don't want the home text at all -->
-  </object_list>  
-
-  
-  <text_box>                                                  <!-- text box is displayed when user clicks on an object and the object contains description. You can disable text box for individual objects in data file -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <locked></locked>                                         <!-- [false] (true / false) whether it would be possible to drag text box -->
-    <selectable></selectable>                                 <!-- [true] (true / false) whether it is possible to select the text in text box or not -->
-    <show_on_hover></show_on_hover>                           <!-- [false] (true / false) text box can be showed on roll over too - set this parameter to "true" -->
-    <hide_on_roll_out></hide_on_roll_out>                     <!-- [false] (true / false) if text box is showed on roll over, it can be hidden on roll out -->    
-    <x></x>                                                   <!-- [60%] (Number or Number%) x position of text box. You can set individual x position for every object in data file -->
-    <y></y>                                                   <!-- [20%] (Number or Number%) y position of text box. You can set individual y position for every object in data file -->
-    <width></width>                                           <!-- [35%] (Number or Number%) text box width. You can set individual width for every movie or area -->
-    <height></height>                                         <!-- [40%] (Number or Number%) text box height. You can set individual height for every movie or area -->
-    <color></color>                                           <!-- [#FFFFFF] (hex color code) background color -->
-    <alpha></alpha>                                           <!-- [100] (0 - 100) background alpha -->
-    <shadow_color></shadow_color>                             <!-- [#000000] (hex color code) shadow color -->
-    <shadow_alpha></shadow_alpha>                             <!-- [50] (0 - 100) shadow alpha -->
-    <shadow_blur></shadow_blur>                               <!-- [5] (Number) shadow bluriness -->
-    <shadow_distance></shadow_distance>                       <!-- [5] (Number) shadow distance -->
-    <corner_radius>7</corner_radius>                           <!-- [0] (Number) corner radius -->
-    <border_width></border_width>                             <!-- [0] (Number) border width -->
-    <border_color></border_color>                             <!-- [#DADADA] (hec color code) border color -->
-    <border_alpha></border_alpha>                             <!-- [100] (Number) border alpha -->
-    <margin_width></margin_width>                             <!-- [10] (Number) margin width -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <close_button_color></close_button_color>                 <!-- [#000000] (hex color code) -->
-    <close_button_color_hover></close_button_color_hover>     <!-- [#CC0000] (hex color code) -->
-    <scroller_color></scroller_color>                         <!-- [#990000] -->
-    <scroller_bg_color></scroller_bg_color>                   <!-- [#DADADA] -->
-  </text_box>
-  
-  <balloon>                                                   <!-- balloon is shown when user roll overs the objects -->
-    <enabled></enabled>                                       <!-- [true] (true / false) -->
-    <max_width></max_width>                                   <!-- [30%] (Number or Number%) -->                                  
-    <color>#FFFFFF</color>                                    <!-- [#880000] (hex color code) balloon background color -->
-    <alpha>70</alpha>                                         <!-- [100] (0 - 100) -->
-    <text_color>#000000</text_color>                          <!-- [0xFFFFFF] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-    <border_color>#C4FFA7</border_color>                      <!-- [balloon.color] (hex color code) -->
-    <border_alpha>90</border_alpha>                          <!-- [balloon.alpha] (0 - 100) -->
-    <border_width>2</border_width>                            <!-- [0] (Number) -->
-    <corner_radius>5</corner_radius>                          <!-- [0] (Number) -->
-    <arrow></arrow>                                           <!-- [vertical] (vertical / horizontal) balloon's arrow position -->
-  </balloon>
-
-  <export_as_image>                                           <!-- export_as_image feature works only on a web server -->
-    <file></file>                                             <!-- [] (filename) if you set filename here, context menu (then user right clicks on flash movie) "Export as image" will appear. This will allow user to export map as an image. Collected image data will be posted to this file name (use ammap/export.php or ammap/export.aspx) -->
-    <target></target>                                         <!-- [] (_blank, _top ...) target of a window in which export file must be called -->
-    <x></x>                                                   <!-- [0] (Number) x position of "Collecting data" text -->
-    <y></y>                                                   <!-- [] (Number) y position of "Collecting data" text. If not set, will be aligned to the bottom of flash movie -->
-    <color></color>                                           <!-- [#BBBB00] (hex color code) background color of "Collecting data" text -->
-    <alpha></alpha>                                           <!-- [0] (0 - 100) background alpha -->
-    <text_color></text_color>                                 <!-- [text_color] (hex color code) -->
-    <text_size></text_size>                                   <!-- [text_size] (Number) -->
-  </export_as_image>  
-    
-  <strings>                                                
-    <loading_map></loading_map>                               <!-- [Loading map] (text) -->
-    <export_as_image></export_as_image>                       <!-- [Export as image] (text) text for right click menu -->
-    <collecting_data></collecting_data>                       <!-- [Collecting data] (text) this text is displayed while exporting map to an image -->    
-  </strings>
-</settings>
diff --git a/appserver/static/ammap/swfobject.js b/appserver/static/ammap/swfobject.js
deleted file mode 100755
index 3a71dd55..00000000
--- a/appserver/static/ammap/swfobject.js
+++ /dev/null
@@ -1,8 +0,0 @@
-/**
- * SWFObject v1.5: Flash Player detection and embed - http://blog.deconcept.com/swfobject/
- *
- * SWFObject is (c) 2007 Geoff Stearns and is released under the MIT License:
- * http://www.opensource.org/licenses/mit-license.php
- *
- */
-if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a){if(!document.getElementById){return;}this.DETECT_KEY=_a?_a:"detectflash";this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY);this.params=new Object();this.variables=new Object();this.attributes=new Array();if(_1){this.setAttribute("swf",_1);}if(id){this.setAttribute("id",id);}if(w){this.setAttribute("width",w);}if(h){this.setAttribute("height",h);}if(_5){this.setAttribute("version",new deconcept.PlayerVersion(_5.toString().split(".")));}this.installedVer=deconcept.SWFObjectUtil.getPlayerVersion();if(!window.opera&&document.all&&this.installedVer.major>7){deconcept.SWFObject.doPrepUnload=true;}if(c){this.addParam("bgcolor",c);}var q=_7?_7:"high";this.addParam("quality",q);this.setAttribute("useExpressInstall",false);this.setAttribute("doExpressInstall",false);var _c=(_8)?_8:window.location;this.setAttribute("xiRedirectUrl",_c);this.setAttribute("redirectUrl","");if(_9){this.setAttribute("redirectUrl",_9);}};deconcept.SWFObject.prototype={useExpressInstall:function(_d){this.xiSWFPath=!_d?"expressinstall.swf":_d;this.setAttribute("useExpressInstall",true);},setAttribute:function(_e,_f){this.attributes[_e]=_f;},getAttribute:function(_10){return this.attributes[_10];},addParam:function(_11,_12){this.params[_11]=_12;},getParams:function(){return this.params;},addVariable:function(_13,_14){this.variables[_13]=_14;},getVariable:function(_15){return this.variables[_15];},getVariables:function(){return this.variables;},getVariablePairs:function(){var _16=new Array();var key;var _18=this.getVariables();for(key in _18){_16[_16.length]=key+"="+_18[key];}return _16;},getSWFHTML:function(){var _19="";if(navigator.plugins&&navigator.mimeTypes&&navigator.mimeTypes.length){if(this.getAttribute("doExpressInstall")){this.addVariable("MMplayerType","PlugIn");this.setAttribute("swf",this.xiSWFPath);}_19="<embed type=\"application/x-shockwave-flash\" src=\""+this.getAttribute("swf")+"\" width=\""+this.getAttribute("width")+"\" height=\""+this.getAttribute("height")+"\" style=\""+this.getAttribute("style")+"\"";_19+=" id=\""+this.getAttribute("id")+"\" name=\""+this.getAttribute("id")+"\" ";var _1a=this.getParams();for(var key in _1a){_19+=[key]+"=\""+_1a[key]+"\" ";}var _1c=this.getVariablePairs().join("&");if(_1c.length>0){_19+="flashvars=\""+_1c+"\"";}_19+="/>";}else{if(this.getAttribute("doExpressInstall")){this.addVariable("MMplayerType","ActiveX");this.setAttribute("swf",this.xiSWFPath);}_19="<object id=\""+this.getAttribute("id")+"\" classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" width=\""+this.getAttribute("width")+"\" height=\""+this.getAttribute("height")+"\" style=\""+this.getAttribute("style")+"\">";_19+="<param name=\"movie\" value=\""+this.getAttribute("swf")+"\" />";var _1d=this.getParams();for(var key in _1d){_19+="<param name=\""+key+"\" value=\""+_1d[key]+"\" />";}var _1f=this.getVariablePairs().join("&");if(_1f.length>0){_19+="<param name=\"flashvars\" value=\""+_1f+"\" />";}_19+="</object>";}return _19;},write:function(_20){if(this.getAttribute("useExpressInstall")){var _21=new deconcept.PlayerVersion([6,0,65]);if(this.installedVer.versionIsValid(_21)&&!this.installedVer.versionIsValid(this.getAttribute("version"))){this.setAttribute("doExpressInstall",true);this.addVariable("MMredirectURL",escape(this.getAttribute("xiRedirectUrl")));document.title=document.title.slice(0,47)+" - Flash Player Installation";this.addVariable("MMdoctitle",document.title);}}if(this.skipDetect||this.getAttribute("doExpressInstall")||this.installedVer.versionIsValid(this.getAttribute("version"))){var n=(typeof _20=="string")?document.getElementById(_20):_20;n.innerHTML=this.getSWFHTML();if(!(navigator.plugins && navigator.mimeTypes.length)) window[this.getAttribute('id')] = document.getElementById(this.getAttribute('id'));return true;}else{if(this.getAttribute("redirectUrl")!=""){document.location.replace(this.getAttribute("redirectUrl"));}}return false;}};deconcept.SWFObjectUtil.getPlayerVersion=function(){var _23=new deconcept.PlayerVersion([0,0,0]);if(navigator.plugins&&navigator.mimeTypes.length){var x=navigator.plugins["Shockwave Flash"];if(x&&x.description){_23=new deconcept.PlayerVersion(x.description.replace(/([a-zA-Z]|\s)+/,"").replace(/(\s+r|\s+b[0-9]+)/,".").split("."));}}else{if(navigator.userAgent&&navigator.userAgent.indexOf("Windows CE")>=0){var axo=1;var _26=3;while(axo){try{_26++;axo=new ActiveXObject("ShockwaveFlash.ShockwaveFlash."+_26);_23=new deconcept.PlayerVersion([_26,0,0]);}catch(e){axo=null;}}}else{try{var axo=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");}catch(e){try{var axo=new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");_23=new deconcept.PlayerVersion([6,0,21]);axo.AllowScriptAccess="always";}catch(e){if(_23.major==6){return _23;}}try{axo=new ActiveXObject("ShockwaveFlash.ShockwaveFlash");}catch(e){}}if(axo!=null){_23=new deconcept.PlayerVersion(axo.GetVariable("$version").split(" ")[1].split(","));}}}return _23;};deconcept.PlayerVersion=function(_29){this.major=_29[0]!=null?parseInt(_29[0]):0;this.minor=_29[1]!=null?parseInt(_29[1]):0;this.rev=_29[2]!=null?parseInt(_29[2]):0;};deconcept.PlayerVersion.prototype.versionIsValid=function(fv){if(this.major<fv.major){return false;}if(this.major>fv.major){return true;}if(this.minor<fv.minor){return false;}if(this.minor>fv.minor){return true;}if(this.rev<fv.rev){return false;}return true;};deconcept.util={getRequestParameter:function(_2b){var q=document.location.search||document.location.hash;if(_2b==null){return q;}if(q){var _2d=q.substring(1).split("&");for(var i=0;i<_2d.length;i++){if(_2d[i].substring(0,_2d[i].indexOf("="))==_2b){return _2d[i].substring((_2d[i].indexOf("=")+1));}}}return "";}};deconcept.SWFObjectUtil.cleanupSWFs=function(){var _2f=document.getElementsByTagName("OBJECT");for(var i=_2f.length-1;i>=0;i--){_2f[i].style.display="none";for(var x in _2f[i]){if(typeof _2f[i][x]=="function"){_2f[i][x]=function(){};}}}};if(deconcept.SWFObject.doPrepUnload){if(!deconcept.unloadSet){deconcept.SWFObjectUtil.prepUnload=function(){__flash_unloadHandler=function(){};__flash_savedUnloadHandler=function(){};window.attachEvent("onunload",deconcept.SWFObjectUtil.cleanupSWFs);};window.attachEvent("onbeforeunload",deconcept.SWFObjectUtil.prepUnload);deconcept.unloadSet=true;}}if(!document.getElementById&&document.all){document.getElementById=function(id){return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;
diff --git a/appserver/static/appLogo.png b/appserver/static/appLogo.png
deleted file mode 100755
index 141382be..00000000
Binary files a/appserver/static/appLogo.png and /dev/null differ
diff --git a/appserver/static/appicon.png b/appserver/static/appicon.png
index 7f4aef33..f1b1a3b9 100644
Binary files a/appserver/static/appicon.png and b/appserver/static/appicon.png differ
diff --git a/appserver/static/dashboard.css b/appserver/static/dashboard.css
new file mode 100644
index 00000000..06eb7af5
--- /dev/null
+++ b/appserver/static/dashboard.css
@@ -0,0 +1,77 @@
+
+/* Set background */
+.main-section-body {
+    background-color:#dbe6e9;
+    background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#e2e9eb), color-stop(400px, #dbe6e9), to(#dbe6e9));
+    background-image:-webkit-linear-gradient(#e2e9eb, #dbe6e9 400px, #dbe6e9);
+    background-image:-moz-linear-gradient(top, #e2e9eb, #dbe6e9 400px, #dbe6e9);
+    background-image:-o-linear-gradient(#e2e9eb, #dbe6e9 400px, #dbe6e9);
+    background-image:linear-gradient(#e2e9eb, #dbe6e9 400px, #dbe6e9);
+    filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe2e9eb', endColorstr='#ffdbe6e9', GradientType=0);
+}
+
+/* Make the forms look like they are in a panel */
+/*.fieldset {
+    border-radius: 4px;
+    border: 1px solid #cccccc;
+    background: white;
+    margin: 0 0px 10px 0;
+    box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+    position: relative;
+    padding: 12px 15px 0px 15px;
+}
+
+.fieldset .hide-label {
+}
+*/
+
+/* Shrink the form text inputs*/
+input, textarea, .uneditable-input {
+    width: 120px;
+}
+
+/* Make the Search button on each dashboard blue instead of green */
+
+.btn-primary {
+    background-color: #5c9732;
+    background-image: -moz-linear-gradient(top, #0087df, #004f82);
+    background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0087df), to(#004f82));
+    background-image: -webkit-linear-gradient(top, #0087df, #004f82);
+    background-image: -o-linear-gradient(top, #0087df, #004f82);
+    background-image: linear-gradient(to bottom, #0087df, #004f82);
+    background-repeat: repeat-x;
+    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0087df', endColorstr='#ff004f82', GradientType=0);
+    background-color: #0087df;
+    border: 1px solid #143ab1;
+    border-bottom-color: #0048c9;
+    border-top-color: #004f82;
+    color: #ffffff;
+    text-shadow: 0 -1px 0 rgba(51, 51, 51, 0.7);
+    -webkit-box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+    -moz-box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+    box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+}
+
+.btn-primary:hover {
+    background-color: #7db44d;
+    background-image: -moz-linear-gradient(top, #6ac1fa, #007fd1);
+    background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#6ac1fa), to(#007fd1));
+    background-image: -webkit-linear-gradient(top, #6ac1fa, #007fd1);
+    background-image: -o-linear-gradient(top, #6ac1fa, #007fd1);
+    background-image: linear-gradient(to bottom, #6ac1fa, #007fd1);
+    background-repeat: repeat-x;
+    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6ac1fa', endColorstr='#ff007fd1', GradientType=0);
+    background-color: #389ddf;
+    border-color: #0c89db;
+    border-bottom-color: #006eb4;
+    border-top-color: #3f99d3;
+    background-position: 0 0;
+}
+
+.btn-primary:active, .btn-primary.active {
+    background-color: #016baf 9;
+}
+.btn-primary:hover, .btn-primary:focus, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] {
+    color: #ffffff;
+    background-color: #016baf;
+}
diff --git a/appserver/static/export_button.html b/appserver/static/export_button.html
deleted file mode 100755
index b182ca82..00000000
--- a/appserver/static/export_button.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<%namespace name="helpers" file="//module/_helpers.html" />
-
-<script type="text/javascript">
-var customExportCallback = function(button) {
-    // kind of ugly, but to open the export form we need a reference to the module (even though we *are* the module)
-    // step 1 -- from the button element, get the id of the containing div. 
-    var moduleId = $(button).parent().parent().attr("id");
-    // step 2 -- ModuleLoader singleton has a public method to get a module reference from an id. 
-    var serverSideIncludeModule = Splunk.Globals["ModuleLoader"].getModuleInstanceById(moduleId);
-    // step 3 -- we get the current context from the module instance.
-    var context = serverSideIncludeModule.getBaseContext();
-    if (context.isJobDispatched()) {
-        var formContainer = $('.exportResultsForm', serverSideIncludeModule.container)[0];
-        Splunk.Popup.createExportResultsForm(formContainer, context.job.getSearchId());
-    } else {
-        alert(_("this custom ServerSideInclude module must be inserted below the point in the hierarchy where the search will have been dispatched."));
-    }
-}
-</script>
-
-<style type="text/css">
-.ServerSideInclude .exportResultsForm {
-    display:none;
-}
-</style>
-<fieldset>
-    <button class="splButton-primary" onclick="customExportCallback(this)"><span>Export</span></button>
-</fieldset>
-
-<%helpers:export className="exportResultsForm" />
\ No newline at end of file
diff --git a/appserver/static/faq.html b/appserver/static/faq.html
deleted file mode 100644
index 05222ecd..00000000
--- a/appserver/static/faq.html
+++ /dev/null
@@ -1,49 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
-<head>
-  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Style-Type" content="text/css">
-  <title></title>
-  <meta name="Generator" content="Cocoa HTML Writer">
-  <meta name="CocoaVersion" content="1138.51">
-  <style type="text/css">
-    p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica}
-    p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Helvetica; min-height: 17.0px}
-    p.p3 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica}
-    p.p4 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica; min-height: 14.0px}
-  </style>
-</head>
-<body>
-<p class="p1"><b>Frequently Asked Questions</b></p>
-<p class="p2"><b></b><br></p>
-<p class="p3">Question: I am using windows. When i installed the app manually, nothing happens. Or splunk crashes on restart</p>
-<p class="p4"><br></p>
-<p class="p3">Answer: Ensure that the user Splunk is running as, has read write access to the $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks directory</p>
-<hr>
-<p class="p2"><b></b><br></p>
-<p class="p3">Question: Why are some fields labeled as Future_Use ?</p>
-<p class="p4"><br></p>
-<p class="p3">Answer: Field extractions for PANOS logs are based on the published Palo Alto spec for syslog forwarding. However, the spec has reserved fields called, Future_Use. 
-<hr>
-<p class="p2"><b></b><br></p>
-<p class="p3">Question: Can I modify the field extractions ? </p>
-<p class="p4"><br></p>
-<p class="p3">Answer: Yes. To do this modify the app's transforms.conf file:</p>
-
- <p class="p3">1. Verify the correct field names in your PAN device's logs. If you don't have a raw copy of the logs you can check by using the command "show logs <log name>" from the CLI.</p>
-
-<p class="p3"><b>NOTE:</b> The log name should be threat,traffic,config, or system.</b>
-
-<p class="p3">2. Copy transforms.conf from "$SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/default" to "$SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local".</p>
-
-<p class="p3"><b>NOTE:</b>  If you modify the version in default, it will be overwritten during the next upgrade of the app</p>
-
-<p class="p3">3. Modify the stanza relating to your log (extract_threat, extract_traffic, extract_config, or extract_system) and replace the default field name with the correct one from your PANOS log.</p>
-
-<p class="p3">4. Save the file.  Run the following command from the Search Bar in Splunk:</p>
-    
-<p class="p3"><pre><font face="Courier">    |extract reload=true </pre></font></p>
-
-<p class="p3">5. Run a search on your corrected PANOS log to verify correct field name selection. </p>
-</body>
-</html>
diff --git a/appserver/static/pan_overview.css b/appserver/static/pan_overview.css
deleted file mode 100755
index 31078377..00000000
--- a/appserver/static/pan_overview.css
+++ /dev/null
@@ -1,783 +0,0 @@
-/* How to use this file
-
-Any values in application.css will override those from the default.css file. This file allows you to customize the look of your Splunk App. It does not let you change the overall layout. For the most part, use this to change background colors, buttons, navigation, menus, etc. You can change the color of the histogram bars, but the palette for other chart colors is not exposed to CSS yet.
-
-A note on images:
-Alpha channel PNG files are used for a variety of transparency effects (gradient, glass, shadows, etc.) These images will not work on IE6, so you should either provide an alternate image or override the image by using the "underscore" hack, i.e. _background-image:none. To ensure that IE6 does not render alpha channel PNG files, make sure that the override comes after the declaration that contains your PNG. Any image that starts with "overlay" is an alpha channel graphic. As well, the logo images that are PNG format are also alpha channel so you can use on whatever background you like. GIF formats are available and are set as transparent against black and white only.
-
-A note on background positioning:
-We use image sprites (splIcons.gif and arrows.png) for most of the icons and arrows that appear in the UI. Background-position is used to set different colors. By default, this sprite has black, white, grey, green, and blue versions of arrows. If you want to change these colors, edit the local version of this file (inside this directory). Otherwise, you can choose a different color by adjusting the the background position on the selected element. See the arrows section for details.
-
-If there are elements you wish to style that are not included in this file, we strongly recommend that you use a tool like Firebg, which will help you isolate elements and see which style sheets are taking precedence. Trust us, wecould not have created these without Firebug!
-*/
-
-
-/* Basic Typography
----------------------------------*/
-body, td {
-    font-family:Arial,Helvetica,sans-serif;
-    font-size:11px;
-    color: #fff;
-}
-
-input, textarea, select {
-    font-family:Arial,Helvetica,sans-serif;
-    font-size:12px;
-    color: #333;
-}
-
-/* monospaced font */
-.splFont-mono {
-    font-family: Consolas,Monaco,Courier New,monospace;
-}
-
-/* font colors not covered by above */
-h2,h4 {
-color:#000;
-}
-. .default .event {
-color:#333333;
-}
-
-.EventsViewer .default .fields .v {
-color:#999999;
-}
-
-.fieldValuePopup table td, .fieldValuePopup table th {
-color: #ccc;
-}
-
-
-/* App header elements
----------------------------------*/
-
-/* Application logo
-
-height and width should be the same as your image. make sure to include some top and buttom margin in the padding.
-
-Black logo, green >
-    background-image: url(appLogo_black.png);
-Black logo, black >
-    background-image: url(appLogo_allblack.png);
-White logo, green >
-    background-image: url(appLogo_white.png);
-White logo, white >
-    background-image: url(appLogo_allwhite.png);
-    
-For IE6, use the following images. Note that if you make a background color other than black or white (or close to it) you will need to redo the transparent GIF matte.
-White logo, green > for IE6, transparent against black
-    background-image: url(appLogo_white.gif);
-Black logo, green > for IE6, transparent against white
-    background-image: url(appLogo_black.gif);
-*/
-
-.appLogo {
-    height: 43px; 
-    width: 486px; 
-    background-image: url(appLogo.png);
-    _background-image: url(appLogo.gif); /* for IE6 */
-    background-repeat: no-repeat;
-}
-
-/* the name of your app. line height can be adjusted to fix alignment issues w/ the logo. color is the color of the text. if your logo has the name in it, then you can set this to "display:none;  */
-
-.appHeaderWrapper h1 {
-    color: #c8da4a;
-    line-height: 43px;
-    display:none;
-}
-
-
-/* background-color and/or image of your app */
-.appHeaderWrapper {
-background: none none;
-
-   /* background-color: #002563;*/
- background-image: none;
-    background-repeat: repeat-x;
-    background-position: top left;
-    border-bottom-style: solid;
-    border-bottom-width: 0px;
-}
-
-.appHeader { background: #FFF; } 
-
-.navigationHeader { background: #004f82; }
-
-
-
-/* color of top-right text */
-.appHeaderWrapper {
-    color: #BBB;
-}
-/* color of top-right links */
-.appHeaderWrapper a {
-    color:#000;
-}
-
-/* app menu arrows; see arrows section, below, for more info */
-
-.appHeaderWrapper .splIcon-triangle-3-s {
-    background-position: -27px -367px;
-}
-
-
-/* loader background */
-#loading {
-    background-color: #6694c7;
-}
-
-
-/* link colors 
----------------------------------*/
-a, .EventsViewer .default .showinline {
-    color: #004f82;
-}
-
-a.disabled {
-    color: ;
-}
-
-/* neutral link colors */
-div.FlashTimeline a, 
-div.FlashTimeline a:visited,
-.JobStatus a,
-.LinkSwitcher ul li.selected a {
-    color: #004f82;
-}
-
-
-/* nav bar and aux links
----------------------------------*/
-
-/*
-set an overlay effect for your navbar or leave blank for default
-background-image: url(overlay_glass_28.png);
-background-image: url(overlay_gloss_28.png);
-background-image: url(overlay_gradient_28.png);
-background-image: url(overlay_reversegradient_28.png);
-background-image: url(overlay_reversegradient_light_28.png);
-background-image: url(overlay_reversegradientridge_28.png);
-background-image: url(overlay_softgradient_28.png);
-background-image: url(overlay_white_28.png);
-background-image: url(overlay_whiteridge_28.png);
-*/
-
-.splHeader-navigation {
-    background-image: url(overlay_gloss_28.png);
-    background-repeat: repeat-x;
-    _background-image: none;
-}
-
-/*--- some space to the right of the nav items ---*/
-ul.appBarNav li {
-    margin-right: 5px;
-}
-
-/*--- the default state ---*/
-ul.appBarNav li a, ul.appBarNav li a:active, ul.appBarNav li a:visited  {
-    color: #fff;
-}
-
-/*--- the hover state ---*/
-ul.appBarNav li.hasMenu a:hover, ul.appBarNav li a:hover {
-    color: #fff;
-    background-color: #6694c7;
-    background-image: none;
-    background-repeat: repeat-x;
-    _background-image: none;   /* for IE6 */
-}
-
-/*--- the open state ---*/
-ul.appBarNav li a.menuOpen {
-    color: #fff;
-    background-color: #6694c7;
-    background-image: none;
-    background-repeat: repeat-x;
-    _background-image: none;   /* for IE6 */
-}
-
-/*--- link color ---*/
-ul.appBarNav li.hasMenu a:hover, ul.appBarNav li a.menuOpen {
-    color: #fff;
-    }
-
-/* to change arrows, see Menu section, below */
-
-
-/* Menus
----------------------------------*/
-
-/* primary menu */
-.splMenu-primary ul {
-    background-color: #dbe6e9;
-}
-.splMenu-primary, .splMenu-primary a, .splMenu-primary a:visited, .splMenu-primary a:hover {
-    color: #000;
-}
-
-.splMenu-primary li:hover {
-    background-color: #6694c7;
-}
-.splMenu-primary a:hover {
-    color: #FFF;   
-}
-
-/* secondary menu, used for apps pulldown */
-.splMenu-secondary ul {
-    background-color: #dbe6e9;
-}
-.splMenu-secondary, .splMenu-secondary a {
-    color: #000;
-}
-
-/* disabled elements */
-.splMenu-secondary li.disabled a {
-    color: #666;
-}   
-.splMenu-secondary li:hover {
-    background-color: #6694c7;
-}
-.splMenu-secondary a:hover {
-    color: #fff;   
-}
-
-/* actions menu open state */
-.TitleBar div.menuOpen {
-    background-color: #dbe6e9;
-    color: #000;
-}
-
-/* Arrows
----------------------------------*/
-
-/* 
-Arrow color is changed by adjusting the frist background position. The second value controls the direction of the arrow (i.e. NSEW). 
-
-For south arrows, Use the following values for these colors:
-    grey    background-position: -7px -367px;
-    white   background-position: -27px -367px;
-    green   background-position: -47px -367px;
-    black   background-position: -67px -367px;
-
-For east arrows, Use the following values for these colors:    
-    grey    background-position: -7px -407px;
-    white   background-position: -27px -407px;
-    green   background-position: -47px -407px;
-    black   background-position: -67px -407px;
-*/
-
-/* nav arrow, default state */
-ul.appBarNav li.hasMenu a span.splIcon-triangle-2-s {
-}
-
-/* hover state */
-ul.appBarNav li.hasMenu a:hover span.splIcon-triangle-2-s {
-}
-
-/* open state */
-ul.appBarNav li.hasMenu a.menuOpen span.splIcon-triangle-2-s {
-}
-
-/* actions menu open state */
-.TitleBar div.menuOpen .splIcon-triangle-4-s {
-}
-
-/* sub menu indicator */
-.splIcon-triangle-4-e {
-    background-position: -67px -407px;    
-}
-
-
-/* turn black arrows white */
-.splIcon-triangle-4-s {
-    background-position: -67px -367px;
-}
-
-.EventsViewer .default .fields .fm {
-    background-position: -27px -364px;
-}
-
-
-/* show/hide headers */
-
-.ShowHideHeader h2 span.splIcon-triangle {
-background-position:-27px -367px;
-}
-
-.ShowHideHeader h2.closed span.splIcon-triangle {
-background-position:-27px -407px;
-}
-
-
-/* background colors
----------------------------------*/
-
-/* default page color */
-body, .splBackground-default, 
-.graphArea, .resultsArea,  
-.reportSecondPanel, .reportThirdPanel, 
-.sidebarCollapsed,
-.SearchBar .saTypeaheadWrapper,
-.ui-datepicker-links,
-.popupContent {
-    background-color: #FFFFFF;
-}
-
-/* primary background - applies to search controls and primary action panels */
-.viewHeader, .mainSearchControls, .splSearchControls-inline, .SearchBar .saHelpWrapper,
-.popupContent  {
-    background-color: #FBFBFB;
-}
-
-/* secondary background - sidebar, other panels */
-.splBackground-secondary, .sidebarExpanded,
-.fieldValuePopup p.reportLinks {
-    background-color: #dbe6e9;
-}
-
-.TimeRangePicker .timeRangeActivatorWrapper {
-    background-color: ;
-}
-
-/* Specific overrides */
-.layoutCellInner .ResultsHeader .splHeader, .layoutCellInner .ResultsHeader .splHeader-secondary {
-    background: transparent none;
-}
-
-/* Specific overrides */
-.popupFooter {
-    background-color: #dbe6e9;
-}
-
-/* dashboard background color */
-body.splTemplate-dashboard {
-    background-color: #dbe6e9;
-}
-
-/* dashboard containers */
-.dashboardCell {
-    background-color: #fbfbfb; 
-    background-image:url(overlay_topgradient.png);
-    background-repeat:repeat-x;
-    -moz-box-shadow: none;
-    -webkit-box-shadow: none;
-    _background-image: none;   /* for IE6 */
-}
-
-/* headers 
----------------------------------*/
-
-/* default header font color */
-.splHeader-dashboard h2, .dashboardContent .ServerSideInclude h2, .dashboardContent .GenericHeader h3, .SearchBar .saRow h4  {
-    color: #394345;
-}
-
-/* primary header background color + overlay */
-.splHeader-primary,
-.TitleBar .splHeader, 
-.FieldPickerPopup .splHeader-primary {
-    background-color: #FBFBFB;
-    background-image:url(overlay_reversegradient_28.png);
-    background-repeat:repeat-x;
-    _background-image: none;
-}
-
-/* secondary (i.e. sidebar) header background color + overlay */
-.splHeader-secondary {
-background-color: #dbe6e9;
-background-image:url(overlay_topgradient_soft.png);
-background-repeat:repeat-x;
-_background-image: none;
-}
-
-/* headers w/o any overlay */
-.FlashTimeline .splHeader-primary {
-    background-color: #FBFBFB;
-    background-image: url(overlay_topInnerShadow_35.png);
-}
-
-/* borders 
----------------------------------*/
-
-/* ALL elements with a generic border attribute */
-* { 
-border-color: #e4e2e3;
-}
-
-/* refactor to remove these in default.css since they have specific color declarations; should be same value as * elements, above */ 
-.popupContainer,
-.fieldLayers .popupContainer,
-.splMenu-primary .actionsMenuDivider { 
-border-color: #142a2d;
-}
-
-/* those rare instances when someone uses an HR */
-hr {
-    color: #112225;
-}
-
-/* specific overrides */ 
-
-.fieldValuePopup table tr.fieldNameHeaderRow th {
-border-bottom:1px solid #142a2d;
-}
-
-/* horizontal rules in the sidebar */ 
-.splDivider, .SuggestedFieldViewer .splBorder-n {
-border-color: #142a2d;
-}
-
-/* tables */
-table.splTable, table.splTable td, table.splTable th {
-border-color: #142a2d;
-}
-
-.fieldValuePopup table td, .fieldValuePopup table th {
-border-color: #142a2d;
-}
-
-
-
-
-/* search controls 
----------------------------------*/
-
-/* search button color; background-position of 0 0 is black, -40px 0 is white */
-input.searchButton {
-    background-color: #6694c7;
-    background-position:-40px 0;   
-}
-
-/* search assistant */
-
-.SearchBar .assistantActivator {
-background-color: #6694c7;
-}
-
-/* search asst. arrow closed */
-.SearchBar .assTab span.splIcon-triangle {
-/* 
-white > background-position:-27px -367px; 
-black > background-position:-67px -367px;
-*/
-background-position:-27px -367px;
-}
-
-/* search asst. arrow open */
-.SearchBar a.assistantEnabled span.splIcon-triangle {
-/* 
-white > background-position:-27px -386px; 
-black > background-position:-67px -386px;
-*/
-background-position:-27px -386px;
-}
-
-
-
-.splSearchControls-inline {
-    background-image: none;
-}
-
-.SearchBar .searchFieldWrapperInner {
-border-color: #6694c7;
-}
-
-/* Flash line and charts 
----------------------------------*/
-
-/* All flash charts */
-/*
-  background-color -> controls bgcolor
-  border-left-color -> controls foregroundColor
-  color -> controls fontColor
-  controls and and font color get screened via an alpha layer, so should probably be set to all black or white, depending on main background
-*/
-div.FlashChart {
-    background-color: #fbfbfb;
-    border-left-color:#000;
-    color: #000;
-}
-
-/* flash timeline specific */
-/*
-  background-color -> controls bgcolor
-  border-left-color -> controls foregroundColor
-  color -> controls fontColor
-  border-right-color -> controls seriesColor
-controls and and font color get screened via an alpha layer, so should probably be set to all black or white, depending on main background
-*/
-div.FlashTimeline {
-    background-color: #fbfbfb;
-    border-left-color: #000;
-    color: #000;
-    /* the color of the histogram bar. border-right-color = fill */
-    border-right-color: #6694c7; 
-}
-
-/* popup bar chart; should be same color as flash timeline */
-.splBarGraphBar {
-background-color: #6694c7;
-}
-
-/* background of bar graph */
-.splBarGraph {
-background:#FFFFFF;
-}
-
-
-
-/* buttons 
----------------------------------*/
-
-.splButton-primary {
-    background-color: #6694c7;   
-    color: ;
-    background-image: url(overlay_softgradient_28.png); 
-}
-.splButton-primary:hover {
-    background-color: #6694c7;   
-    background-image: url(overlay_softgradient_28.png); 
-}
-.splButton-secondary {
-    background-color: #6694c7;
-    color: ;   
-    background-image: url(overlay_softgradient_28.png); 
-}
-.splButton-secondary:hover {
-    background-color: #6694c7;  
-    background-image: url(overlay_softgradient_28.png);  
-}
-
-/* form elements
-_________________________________*/
-
-fieldset legend {
-    color: #c8da4a;
-    font-size: 12px;
-}
-fieldset legend span {
-    color: #ccc;
-    font-size: 11px;
-}
-p.exampleText {
-    color: #ccc;
-}
-p.fieldsetHelpText {
-    color: #ccc;
-}
-
-/*-- disabled and read-only form elements --*/
-
-label.disabledLabel {
-    color: ;
-}
-select option[disabled] {
-    color: ;
-}
-input.readonly {
-    background-color: ;
-}
-
-
-input[disabled]{
-background-color: transparent;
-border-color: transparent;
-color: ;
-}
-
-/* Icons 
----------------------------------*/
-/*-- hash mark for jobs icons  --*/
-.JobStatus .output ul li {
-    background-image: url(bg_hash_grey.gif);
-}
-
-.splIcon-events-list, .splIcon-events-table, .splIcon-results-table {
-/*-- 
-master icon file. edit the local file and include this stanza if you want to override the defaults
-background-image: url(splIcons.gif);
-
- --*/
-}
-
-/*-- background color for icons --*/
-.splIcon {
-    background-color: #6694c7;
-}
-
-
-
-/*-- switchers that use icons  --*/
-
-.ButtonSwitcher ul li.selected, .ButtonSwitcher ul li.selected:hover,
-.EventsViewer .default .actions,
-div.FlashTimeline a.logScaleSelected span, div.FlashTimeline a.linScaleSelected span  {
-    border: 1px solid #6694c7;
-    background-color: #6694c7;
-}
-
-.ButtonSwitcher ul li, .Paginator a, .Paginator .disabled:hover {
-    border-color: transparent;
-}
-
-/*-- hash mark for jobs icons  --*/
-.JobStatus .output ul li {
-    background-image: url(bg_hash_grey.gif);
-}
-
-
-/*-- paginator uses similar styles --*/
-
-.Paginator .active a, .Paginator .active a:hover {
-    background-color: #6694c7;
-    border-color: #6694c7;
-    color: #fff;
-}
-
-/*-- arrow icons --*/
-.splIcon-arrow-n, .splIcon-arrow-e, .splIcon-arrow-s, .splIcon-arrow-w {
-    background-color: #6694c7;
-}
-
-/* triangles. keep this last to avoid getting background colors in the arrows! */
-/* Note: to separate color from implementation, we're using a numbering system to differentiate colors.  
-   1=grey,2=white,3=green,4=black,5=blue.  If the icon sprite changes, the number mapping to colors would be different */
-.splIcon-triangle, 
-.splIcon-triangle-1-n, .splIcon-triangle-1-s, .splIcon-triangle-1-e, .splIcon-triangle-1-w,
-.splIcon-triangle-2-n, .splIcon-triangle-2-s, .splIcon-triangle-2-e, .splIcon-triangle-2-w,
-.splIcon-triangle-3-n, .splIcon-triangle-3-s, .splIcon-triangle-3-e, .splIcon-triangle-3-w,
-.splIcon-triangle-4-n, .splIcon-triangle-4-s, .splIcon-triangle-4-e, .splIcon-triangle-4-w,
-.splIcon-triangle-5-n, .splIcon-triangle-5-s, .splIcon-triangle-5-e, .splIcon-triangle-5-w {
-    background-color:transparent;   
-}
-.splIcon-triangle-large {
-    background-color:transparent;  
-}
-
-/*-- table sort icons --*/
-.FieldPickerPopup .fpFieldListContainerOuter th span {
-    background-position:-27px -441px;
-}
-
-.FieldPickerPopup .fpFieldListContainerOuter th.headerSortDown span {
-background-position:-27px -360px;
-}
-
-.FieldPickerPopup .fpFieldListContainerOuter th.headerSortUp span {
-background-position:-27px -379px;
-}
-
-
-/* highlight colors 
----------------------------------*/
-/*-- event items --*/
-.EventsViewer .default .a, .EventsViewer .default .h, .EventsViewer .default .fields .v:hover, .EventsViewer .default .fields .tg:hover {
-    background-color: #f2cb3f;
-}
-
-/*-- row highlighting for tables --*/
-table.splTable tr:hover td {
-    background-color:#f2cb3f;
-}
-.mouseoverHighlight, .mouseoverHightlight td {
-    background-color:#f2cb3f;
-}
-
-/*-- matching search terms --*/
-.SimpleEventsViewer span.searchTermHighlight {
-    background-color:#f2d440;
-}
-
-/* MultiFieldViewer + SuggestedFieldViewer, i.e. highlight in the fields sidebar */
-.MultiFieldViewer .fieldTabs .mouseoverHighlight,
-.MultiFieldViewer .fieldTabs .selected,
-.SuggestedFieldViewer .fieldTabs .mouseoverHighlight,
-.SuggestedFieldViewer .fieldTabs .selected {
-    background-color: #277991;
-}
-
-/* field picker popup hover row */
-.FieldPickerPopup .fpFieldList tbody tr:hover, .FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight {
-    background-color: #277991;
-}
-
-.fieldTabs a:hover {
-    color: #fff;
-}
-
-
-
-/* date picker 
----------------------------------*/
-.ui-datepicker-current-day {
-    background-color: #6694c7;
-}
-
-.ui-datepicker-links {
-    background-image: url(overlay_gradient.png) repeat-x 0 0;
-    _background-image: none;
-} 
-
-/* popups 
----------------------------------*/
-.splHeader-popup {
-    background-color: #000;
-    background-image: url(overlay_gradient.png);
-    background-repeat: repeat-x;
-    _background-image: none;
-}
-
-.splHeader-popup h2 {
-    color:#FFF; 
-}
-
-
-
-/* modal overlay */
-.splOverlay, .splOverlay-white {
-    background-color: #000;    
-    opacity:0.8;
-    filter:alpha(opacity=80);
-}
-.splOverlay-white {
-    background-color:#FFF;  
-}
-
-/* Misc 
----------------------------------*/
-
-/* resize handle */
-.ui-resizable-s {
-background-color:#6694c7 !important;
-}
-
-/* loading image for jobs */
-.JobStatus .output .running h2,
-.JobStatus .output .runningReport h2,
-.JobStatus .output .finalizing h2 {
-background-image: url(loader.gif);
-}
-
-
-/* remove the gradient at top of event and results area */
-.EventsViewer, .SimpleResultsTableResults {
-background-image: none;
-}
-
-/* used on some dashbaords */
-.SingleValueHolder {
-background-color:#194775;
-color: #fff
-}
-
-/* tighten up dashboard title displays */
-.NullModule { display: none; }
-
-.dashboardCell .FlashChart {
-    background-color: transparent;
-}
-
-.dashboardContent h3 {
-    margin-top: 0;
-}
diff --git a/appserver/static/realtime_ammap.html b/appserver/static/realtime_ammap.html
deleted file mode 100755
index e3b586bf..00000000
--- a/appserver/static/realtime_ammap.html
+++ /dev/null
@@ -1,16 +0,0 @@
-
-  <script type="text/javascript" src="/static/app/SplunkforPaloAltoNetworks/ammap/swfobject.js"></script>
-	<div id="flashcontent">
-		<strong>If you see this message you most likley need to adjust your HTML file in this view or you are trying to view the HTML directly instead of in a Splunk view module.</strong>
-	</div>
-
-	<script type="text/javascript">
-		// <![CDATA[		
-		var so = new SWFObject("/static/app/SplunkforPaloAltoNetworks/ammap/ammap.swf", "ammap", "100%", "400", "8", "#FFFFFF");
-		so.addVariable("path", "/static/app/SplunkforPaloAltoNetworks/ammap/");
-		so.addVariable("settings_file", escape("/static/app/SplunkforPaloAltoNetworks/ammap/realtime_ammap_settings.xml"));                  // you can set two or more different settings files here (separated by commas)
-		so.addVariable("data_file", escape("/static/app/SplunkforPaloAltoNetworks/xml_out/realtime_threat_data.xml"));		
-		so.write("flashcontent");
-so.addParam('wmode', 'transparent');
-		// ]]>
-	</script>
diff --git a/appserver/static/screenshot.jpg b/appserver/static/screenshot.jpg
deleted file mode 100755
index bcbc21f4..00000000
Binary files a/appserver/static/screenshot.jpg and /dev/null differ
diff --git a/appserver/static/screenshot.png b/appserver/static/screenshot.png
new file mode 100644
index 00000000..332089a0
Binary files /dev/null and b/appserver/static/screenshot.png differ
diff --git a/appserver/static/threat_map.html b/appserver/static/threat_map.html
deleted file mode 100755
index 84e63b0e..00000000
--- a/appserver/static/threat_map.html
+++ /dev/null
@@ -1,28 +0,0 @@
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>ammap</title>
-</head>
-
-<body>
-<!-- saved from url=(0013)about:internet -->
-<!-- ammap script-->
-  <script type="text/javascript" src="/static/app/Splunk_CiscoSecuritySuite/ammap/swfobject.js"></script>
-	<div id="flashcontent">
-		<strong>If you see this message you most likley need to adjust your HTML file in this view or you are trying to view the HTML directly instead of in a Splunk view module.</strong>
-	</div>
-
-	<script type="text/javascript">
-		// <![CDATA[		
-		var so = new SWFObject("/static/app/Splunk_CiscoSecuritySuite/ammap/ammap.swf", "ammap", "100%", "350", "8", "#FFFFFF");
-		so.addVariable("path", "/static/app/Splunk_CiscoSecuritySuite/ammap/");
-		so.addVariable("settings_file", escape("/static/app/Splunk_CiscoSecuritySuite/ammap/ammap_settings.xml"));                  // you can set two or more different settings files here (separated by commas)
-		so.addVariable("data_file", escape("/static/app/Splunk_CiscoSecuritySuite/xml_out/home_threat_data.xml"));		
-		so.addParam('wmode', 'transparent');
-		so.write("flashcontent");
-		// ]]>
-	</script>
-<!-- end of ammap script -->
-
-</body>
-</html>
diff --git a/appserver/static/threat_overview.css b/appserver/static/threat_overview.css
deleted file mode 100755
index c0aba3a5..00000000
--- a/appserver/static/threat_overview.css
+++ /dev/null
@@ -1,13 +0,0 @@
-#ExtendedFieldSearch_0_0_0 label, 
-#ExtendedFieldSearch_1_1_0 label,
-#ExtendedFieldSearch_2_2_0 label{
-width: 85px;
-display: inline-block;
-}
-
-
-#ExtendedFieldSearch_3_3_0 label,
-#ExtendedFieldSearch_4_4_0 label{
-width: 60px;
-display: inline-block;
-}
diff --git a/appserver/static/traffic_overview.css b/appserver/static/traffic_overview.css
deleted file mode 100755
index 0f19278b..00000000
--- a/appserver/static/traffic_overview.css
+++ /dev/null
@@ -1,18 +0,0 @@
-#ExtendedFieldSearch_0_0_0 label, 
-#ExtendedFieldSearch_4_4_0 label{
-width: 75px;
-display: inline-block;
-}
-
-
-#ExtendedFieldSearch_1_1_0 label,
-#ExtendedFieldSearch_2_2_0 label{
-width: 95px;
-display: inline-block;
-}
-
-#ExtendedFieldSearch_3_3_0 label,
-#ExtendedFieldSearch_5_5_0 label {
-width: 45px;
-display: inline-block;
-}
\ No newline at end of file
diff --git a/appserver/static/web_activity.css b/appserver/static/web_activity.css
deleted file mode 100755
index 07a445db..00000000
--- a/appserver/static/web_activity.css
+++ /dev/null
@@ -1,19 +0,0 @@
-#ExtendedFieldSearch_2_2_0 label 
-{
-width: 125px;
-display: inline-block;
-}
-
-#ExtendedFieldSearch_1_1_0 label{
-width: 75px;
-display: inline-block;
-}
-
-#TimeRangePicker_0_0_0 {
-padding-top: 3px;
-}
-
-#ExtendedFieldSearch_0_0_0 label{
-width: 60px;
-display: inline-block;
-}
diff --git a/appserver/static/xml_out/realtime_threat_data.xml b/appserver/static/xml_out/realtime_threat_data.xml
deleted file mode 100755
index 110e9a72..00000000
--- a/appserver/static/xml_out/realtime_threat_data.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<map map_file="maps/world.swf" tl_long="-168.5" tl_lat="83.50" br_long="190" br_lat="-55"  zoom="399.8812%" zoom_x="-33.8%" zoom_y="-142.62%"  >
- 
-	
-	  <areas> 
-
-      <area title="borders" mc_name="borders" color="#FFFFFF" balloon="false"></area>
-
-  </areas>
-  
-  
-	<movies>	
-
-<movie url="/app/SplunkforPaloAltoNetworks/flashtimeline?q=search%20dst_ip%3D111.221.74.34" target="_parent" fixed_size="true" file="circle" alpha="60" title="&lt;b&gt; Singapore
- Event(s): 1
- Unique IP(s): 1"
- lat="1.3667" long="103.8" height="10" width="10" color="#33CCFF">
-</movie>
-
-
-<movie url="/app/SplunkforPaloAltoNetworks/flashtimeline?q=search%20dst_ip%3D64.78.56.109" target="_parent" fixed_size="true" file="circle" alpha="60" title="&lt;b&gt; Sunnyvale, CA, United States
- Event(s): 9
- Unique IP(s): 1"
- lat="37.3697" long="-122.0214" height="10" width="10" color="#33CCFF">
-</movie>
-
-</movies></map>
\ No newline at end of file
diff --git a/appserver/static/xml_out/rt_threat_data.xml b/appserver/static/xml_out/rt_threat_data.xml
deleted file mode 100755
index 3877db1b..00000000
--- a/appserver/static/xml_out/rt_threat_data.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<map map_file="maps/world.swf" tl_long="-168.5" tl_lat="83.50" br_long="190" br_lat="-55"  zoom="399.8812%" zoom_x="-33.8%" zoom_y="-142.62%"  >
- 
-	
-	  <areas> 
-
-      <area title="borders" mc_name="borders" color="#FFFFFF" balloon="false"></area>
-
-  </areas>
-  
-  
-	<movies>	
-
-<movie url="/app/SplunkforPaloAltoNetworks/flashtimeline?q=search%20dst_ip%3D208.85.41.43%20OR%20dst_ip%3D208.85.41.35" target="_parent" fixed_size="true" file="circle" alpha="60" title="&lt;b&gt; Oakland, CA, United States
- Security Event(s): 4
- Unique IP(s): 2"
- lat="37.8091" long="-122.2702" height="10" width="10" color="#FF0000">
-</movie>
-
-</movies></map>
\ No newline at end of file
diff --git a/bin/alert_scripts/map_results.sh b/bin/alert_scripts/map_results.sh
deleted file mode 100755
index b7c48633..00000000
--- a/bin/alert_scripts/map_results.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-echo "$@" >> /tmp/map_results.run
-python $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/bin/map_results.py "$@"
diff --git a/bin/alert_scripts/mapit.sh b/bin/alert_scripts/mapit.sh
deleted file mode 100755
index 74b5a184..00000000
--- a/bin/alert_scripts/mapit.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-echo "$@" > /tmp/ammap_map_results.run
-python $SPLUNK_HOME/etc/apps/AMMAP/bin/map_results.py "$@"
diff --git a/bin/map_results.py b/bin/map_results.py
deleted file mode 100755
index aea08e84..00000000
--- a/bin/map_results.py
+++ /dev/null
@@ -1,192 +0,0 @@
-import sys, os, gzip, csv, time, traceback
-import sys,splunk.Intersplunk
-import traceback
-		
-#TODO App should be determined by search that calls the script
-map_type = "threat"
-log = open(os.path.join(os.environ["SPLUNK_HOME"], 'var', 'log', 'splunk','ammap_map_results.log'), 'a')   
-results_file = ""
-result_path = os.path.join(os.environ["SPLUNK_HOME"], 'var', 'run', 'splunk','dispatch')
-DEBUG = 1
-zoom_string = ' zoom="399.8812%" zoom_x="-33.8%" zoom_y="-142.62%" ' 
-
-
-def get_results():
-	global outputFile
-	global app
-	global zoom
-	if len(sys.argv)>5:
-		logger("INFO - Alert Action Suspected!")
-		results = sys.argv[6]
-		path = results[results.find('sid=')+4:]
-		results_file = os.path.join(result_path,path,'results.csv.gz')
-		
-		logger("INFO - Alert Action Fired...Moving On")
-	elif len(sys.argv) == 2:
-		logger("INFO - checking for SID: "+ sys.argv[1])
-
-		results_file =  os.path.join(results_file,sys.argv[1],'results.csv.gz')
-
-		logger("INFO - SID found....Moving On")
-	elif sys.argv.count('-f')>0:
-		logger("INFO - Attempting to read from local file: "+ sys.argv[2])
-		results_file = sys.argv[2]
-		logger("INFO - File found....Moving On")
-	else:
-		logger("INFO - Checking Intersplunk for results")
-		results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
-		
-		result_dict_list = []
-		logger("INFO - checking for target app in search results")
-		if results[0].has_key("app"):
-			app  = results[0]["app"]
-		logger("INFO - checking for output file in search results")
-		if results[0].has_key("output_file"):
-			outputFile  = os.path.join(os.environ["SPLUNK_HOME"], 'etc', 'apps', app,'appserver','static','xml_out',results[0]["output_file"])
-		logger("INFO - checking for zoom settings in search results")
-		if results[0].has_key("zoom"):
-			zoom  = results[0]["zoom"]
-		else:
-			zoom = zoom_string
-
-
-
-
-		return results
-	results = csv.reader(gzip.open(results_file),delimiter=',', quotechar='"')
-	logger("INFO - Results Recieved, constructing dict")
-	header = []
-	resultDict = {}
-	result_dict_list = []
-	first = 1
-
-	for row in results:
-		if first:
-			header = row
-			logger("FOUND FIELDS: "+str(row)) 
-			first = 0	
-			continue;
-		resultDict = {}
-		x = 0	
-		for col in row:
-			resultDict[header[x]] = col
-			x = x + 1 
-		result_dict_list.append(resultDict)
-	logger("checking for target app in search results")
-	if result_dict_list[0].has_key("app"):
-		app  = result_dict_list[0]["app"]
-
-	logger("checking for output file in search results")
-	if result_dict_list[0].has_key("output_file"):
-		outputFile = os.path.join(os.environ["SPLUNK_HOME"], 'etc', 'apps', app,'appserver','static','xml_out',result_dict_list[0]["output_file"])
-
-	if result_dict_list[0].has_key("zoom"):
-		zoom  = result_dict_list[0]["zoom"]
-
-	else:
-		zoom = zoom_string
-
-
-
-
-	return result_dict_list
-
-
-def aggregate_results(result_dict_list): 
-	logger("INFO - Aggregating results ....")
-	iterator = result_dict_list[0]["iterator"]
-	geo_dict = {}
-	for dict in result_dict_list:
-## Need to crate a unique key to calculate totals by location. 
-		key = dict["client_lon"]+dict["client_lat"]
-		if geo_dict.has_key(key) == False:
-			geo_dict[key] = {'iterator':iterator,'uniq':{dict[iterator]:1},'count':int(dict["count"]),iterator:[dict[iterator]],"city":dict["client_city"],"region":dict["client_region"],"country":dict["client_country"],"long":dict["client_lon"],"lat":dict["client_lat"],"label":dict["iterator_label"],"movie_color":dict["movie_color"],"title":dict["count_label"]} 	
-		else:
-#			logger("Repeat Key updating iterator list and count for:" + key)
-			geo_dict[key]['count'] = geo_dict[key]['count'] + int(dict["count"])
-			geo_dict[key][iterator].append(dict[iterator])
-			if geo_dict[key]['uniq'].has_key(dict[iterator]):
-				continue;
-			else:
-				geo_dict[key]['uniq'][dict[iterator]] = 1
-	return geo_dict
-
-def format_movies(geo_results):
-	movie_list = []
-	for key in geo_results.keys():
-		movie = ""
-		title = ""
-		url = "/app/"+app+"/flashtimeline?q=search%20"
-		if len(geo_results[key]["country"])>1:
-			title = geo_results[key]["country"]
-		if len(geo_results[key]["region"])>1:
-			title = geo_results[key]["region"]+", "+ title 
-		if len(geo_results[key]["city"])>1:
-			title = geo_results[key]["city"]+", "+ title 
-		title = title + '\n ' + geo_results[key]["title"] + '(s): ' + str(geo_results[key]["count"]) + "\n Unique " +geo_results[key]["label"] + "(s): "+ str(len(geo_results[key]["uniq"])) + '"'
-		uniq_keys = ""
-		for x in geo_results[key]["uniq"].keys():
-			uniq_keys = uniq_keys + geo_results[key]["iterator"] + "%3D" + x + "%20OR%20"   
-		url = url + uniq_keys[:len(uniq_keys)-8]		
-		size = int(geo_results[key]["count"]) / 10
- 		if size>15: size = 25
-		if size==15: size = 25
- 		if size<2: size = 10
- 		if size==2: size=10
-		movie = '\n<movie url="'+url+'" target="_parent" fixed_size="true" file="circle" alpha="60" title="&lt;b&gt; '
-		movie = movie + title + '\n lat="'+geo_results[key]["lat"]+'" long="'+geo_results[key]["long"]+'" height="'+str(size)+'" width="'+str(size)+'" color="'+geo_results[key]["movie_color"]+'">\n</movie>\n' 
-		movie_list.append(movie)
-	return movie_list
-
-def write_threat_xml(movies):
-
-	movies_string = ""
-	for movie in movies:
-		movies_string = movie + '\n' + movies_string 
-	end = '''
-  <labels>
-    <label x="0" y="50" width="100%" align="center" text_size="16" color="#FFFFFF">
-      <text><![CDATA[]]></text>
-      <description><![CDATA[]]></description>
-    </label>
-  </labels>  
-</map>
-		'''
-
-	borders = '''
-	
-	  <areas> 
-
-      <area title="borders" mc_name="borders" color="#FFFFFF" balloon="false"></area>
-
-  </areas>
-  
-  '''
-	xml_out =  '<map map_file="maps/world.swf" tl_long="-168.5" tl_lat="83.50" br_long="190" br_lat="-55" '+zoom+' >\n '+borders+'\n\t<movies>\t\n' + movies_string + '</movies></map>'
-	xml_file = open(outputFile,'w')
-	xml_file.write(xml_out)
-	logger("Writing XML to : " + outputFile) 
-	return 0
-
-
-def logger(string):
-	if DEBUG==1:
-#		print time.asctime() + ' - ' + string
-		log.write(time.asctime() + ' - ' + string + "\n")
-		return 0
-def run():
-	try:
-		logger( "INFO - get_results()" )
-		result_dict_list = get_results()
-		logger("INFO - aggregate_results()")
-		geo_results = aggregate_results(result_dict_list)
-		logger("INFO - format_movies()")
-		movies = format_movies(geo_results)
-		logger("INFO - write_threat_xml()")
-		write_threat_xml(movies)
-		print "Map Results Completed"
-	except:
-		stack =  traceback.format_exc()
-		logger('ERROR - Traceback:' + str(stack))
-		
-run()
diff --git a/default/app.conf b/default/app.conf
index 96d636ef..8adda24f 100755
--- a/default/app.conf
+++ b/default/app.conf
@@ -5,7 +5,7 @@ label = Splunk for Palo Alto Networks
 [launcher]
 author= btorres-gil@paloaltonetworks.com
 description= The Splunk for Palo Alto Networks app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Palo Alto Networks Firewall data. 
-version = 3.4
+version = 4.0
 
 [package]
 id= SplunkforPaloAltoNetworks
diff --git a/default/commands.conf b/default/commands.conf
index 9ac1d2db..6d064e53 100755
--- a/default/commands.conf
+++ b/default/commands.conf
@@ -1,13 +1,3 @@
-[ciscomap]
-filename = cisco_map_results.py
-retainsevents = true
-overrides_timeorder = false
-
-[mapit]
-filename = map_results.py
-retainsevents = true
-overrides_timeorder = false
-
 [panblock]
 filename = panChange.py
 passauth = true
diff --git a/default/data/ui/nav/default.xml b/default/data/ui/nav/default.xml
index 97a40985..0350ff70 100755
--- a/default/data/ui/nav/default.xml
+++ b/default/data/ui/nav/default.xml
@@ -1,90 +1,91 @@
-<nav>
-  <collection label="Splunk for Palo Alto Networks">
-    <view name="pan_overview_switcher_maps" default="true"/>
-    <collection label="Search Palo Alto Data">
-      <a href="flashtimeline">Search</a>
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Traffic Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Threat Data</a>
-      <a href="flashtimeline?q=search%20%60pan_url%60">URL Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_data%60">Data Filtering Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">WildFire Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_config%60">Config Messages</a>
-      <a href="flashtimeline?q=search%20%60pan_system%60">System Logs</a>
-    </collection>
-    <divider />
-    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
-    <divider />
-    <a href="mailto:bd-labs@splunk.com">Send Feedback</a>
-  </collection>
-  
-  <collection label="Traffic">
-    <view name="traffic_overview" />
-    <divider />
-    <view name="web_usage_report" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Search Traffic Data</a>
-      <divider />
-      <saved source="all" match="PAN - Traffic" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Threat">
-    <view name="threat_overview" />
-    <view name="threat_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Search Threat Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-    <collection label="Content">
-    <view name="content_overview" />
-    <view name="url_filtering" />
-    <view name="data_filtering" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_web_activity%60">Search URL Data</a>
-      <a href="flashtimeline?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <collection label="WildFire">
-    <view name="wildfire_overview" />
-    <view name="wildfire_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
-      <divider />
-      <saved source="all" match="PAN - WildFire" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Console">
-    <view name="system_overview" />
-    <view name="config_overview" />
-    <divider />
-    <collection label="System Message Reports">
-      <a href="flashtimeline?q=search%20%60pan_system%60">Search System Messages</a>
-      <divider />
-      <saved source="all" match="PAN - System" view="flashtimeline" />
-    </collection>
-    <collection label="Configuration Reports">
-      <a href="flashtimeline?q=search%20%60pan_config%60">Search Config Changes</a>
-      <divider />
-      <saved source="all" match="PAN - Config" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <!-- Search -->
-  <view name="flashtimeline" />
-  <!--<collection label="Help">
-    <view name="readme"/>
-    <view name="faq" />
-  </collection>-->
-</nav>
+<nav search_view="search" color="#004f82">
+  <collection label="Palo Alto Networks">
+    <view name="overview" default="true"/>
+    <collection label="Search Palo Alto Networks Logs">
+      <a href="search">Search</a>
+      <a href="search?q=%60pan_traffic%60">Traffic Logs</a>
+      <a href="search?q=%60pan_threat%60">Threat Data</a>
+      <a href="search?q=%60pan_url%60">URL Logs</a>
+      <a href="search?q=%60pan_data%60">Data Filtering Logs</a>
+      <a href="search?q=%60pan_file%60">File Blocking Logs</a>
+      <a href="search?q=%60pan_wildfire%60">WildFire Logs</a>
+      <a href="search?q=%60pan_config%60">Config Messages</a>
+      <a href="search?q=%60pan_system%60">System Logs</a>
+    </collection>
+    <divider />
+    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
+    <divider />
+    <a href="http://answers.splunk.com/ask/?appid=491" target="_blank">Send Feedback</a>
+  </collection>
+  
+  <collection label="Traffic">
+    <view name="traffic_overview" />
+    <divider />
+    <view name="web_usage_report" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_traffic%60">Search Traffic Data</a>
+      <divider />
+      <saved source="all" match="PAN - Traffic" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Threat">
+    <view name="threat_overview" />
+    <view name="threat_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_threat%60">Search Threat Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+  
+    <collection label="Content">
+    <view name="content_overview" />
+    <view name="url_filtering_overview" />
+    <view name="data_filtering_overview" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_web_activity%60">Search URL Data</a>
+      <a href="search?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+
+  <collection label="WildFire">
+    <view name="wildfire_overview" />
+    <view name="wildfire_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
+      <a href="search?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
+      <divider />
+      <saved source="all" match="PAN - WildFire" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Console">
+    <view name="system_overview" />
+    <view name="config_overview" />
+    <divider />
+    <collection label="System Message Reports">
+      <a href="search?q=search%20%60pan_system%60">Search System Messages</a>
+      <divider />
+      <saved source="all" match="PAN - System" view="search" />
+    </collection>
+    <collection label="Configuration Reports">
+      <a href="search?q=search%20%60pan_config%60">Search Config Changes</a>
+      <divider />
+      <saved source="all" match="PAN - Config" view="search" />
+    </collection>
+  </collection>
+
+  <!-- Search -->
+  <view name="search" stylesheet="application.css"/>
+  <!--<collection label="Help">
+    <view name="readme"/>
+    <view name="faq" />
+  </collection>-->
+</nav>
diff --git a/default/data/ui/nav/default.xml.nfi_disabled b/default/data/ui/nav/default.xml.nfi_disabled
index 97a40985..0350ff70 100755
--- a/default/data/ui/nav/default.xml.nfi_disabled
+++ b/default/data/ui/nav/default.xml.nfi_disabled
@@ -1,90 +1,91 @@
-<nav>
-  <collection label="Splunk for Palo Alto Networks">
-    <view name="pan_overview_switcher_maps" default="true"/>
-    <collection label="Search Palo Alto Data">
-      <a href="flashtimeline">Search</a>
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Traffic Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Threat Data</a>
-      <a href="flashtimeline?q=search%20%60pan_url%60">URL Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_data%60">Data Filtering Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">WildFire Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_config%60">Config Messages</a>
-      <a href="flashtimeline?q=search%20%60pan_system%60">System Logs</a>
-    </collection>
-    <divider />
-    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
-    <divider />
-    <a href="mailto:bd-labs@splunk.com">Send Feedback</a>
-  </collection>
-  
-  <collection label="Traffic">
-    <view name="traffic_overview" />
-    <divider />
-    <view name="web_usage_report" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Search Traffic Data</a>
-      <divider />
-      <saved source="all" match="PAN - Traffic" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Threat">
-    <view name="threat_overview" />
-    <view name="threat_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Search Threat Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-    <collection label="Content">
-    <view name="content_overview" />
-    <view name="url_filtering" />
-    <view name="data_filtering" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_web_activity%60">Search URL Data</a>
-      <a href="flashtimeline?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <collection label="WildFire">
-    <view name="wildfire_overview" />
-    <view name="wildfire_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
-      <divider />
-      <saved source="all" match="PAN - WildFire" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Console">
-    <view name="system_overview" />
-    <view name="config_overview" />
-    <divider />
-    <collection label="System Message Reports">
-      <a href="flashtimeline?q=search%20%60pan_system%60">Search System Messages</a>
-      <divider />
-      <saved source="all" match="PAN - System" view="flashtimeline" />
-    </collection>
-    <collection label="Configuration Reports">
-      <a href="flashtimeline?q=search%20%60pan_config%60">Search Config Changes</a>
-      <divider />
-      <saved source="all" match="PAN - Config" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <!-- Search -->
-  <view name="flashtimeline" />
-  <!--<collection label="Help">
-    <view name="readme"/>
-    <view name="faq" />
-  </collection>-->
-</nav>
+<nav search_view="search" color="#004f82">
+  <collection label="Palo Alto Networks">
+    <view name="overview" default="true"/>
+    <collection label="Search Palo Alto Networks Logs">
+      <a href="search">Search</a>
+      <a href="search?q=%60pan_traffic%60">Traffic Logs</a>
+      <a href="search?q=%60pan_threat%60">Threat Data</a>
+      <a href="search?q=%60pan_url%60">URL Logs</a>
+      <a href="search?q=%60pan_data%60">Data Filtering Logs</a>
+      <a href="search?q=%60pan_file%60">File Blocking Logs</a>
+      <a href="search?q=%60pan_wildfire%60">WildFire Logs</a>
+      <a href="search?q=%60pan_config%60">Config Messages</a>
+      <a href="search?q=%60pan_system%60">System Logs</a>
+    </collection>
+    <divider />
+    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
+    <divider />
+    <a href="http://answers.splunk.com/ask/?appid=491" target="_blank">Send Feedback</a>
+  </collection>
+  
+  <collection label="Traffic">
+    <view name="traffic_overview" />
+    <divider />
+    <view name="web_usage_report" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_traffic%60">Search Traffic Data</a>
+      <divider />
+      <saved source="all" match="PAN - Traffic" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Threat">
+    <view name="threat_overview" />
+    <view name="threat_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_threat%60">Search Threat Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+  
+    <collection label="Content">
+    <view name="content_overview" />
+    <view name="url_filtering_overview" />
+    <view name="data_filtering_overview" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_web_activity%60">Search URL Data</a>
+      <a href="search?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+
+  <collection label="WildFire">
+    <view name="wildfire_overview" />
+    <view name="wildfire_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
+      <a href="search?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
+      <divider />
+      <saved source="all" match="PAN - WildFire" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Console">
+    <view name="system_overview" />
+    <view name="config_overview" />
+    <divider />
+    <collection label="System Message Reports">
+      <a href="search?q=search%20%60pan_system%60">Search System Messages</a>
+      <divider />
+      <saved source="all" match="PAN - System" view="search" />
+    </collection>
+    <collection label="Configuration Reports">
+      <a href="search?q=search%20%60pan_config%60">Search Config Changes</a>
+      <divider />
+      <saved source="all" match="PAN - Config" view="search" />
+    </collection>
+  </collection>
+
+  <!-- Search -->
+  <view name="search" stylesheet="application.css"/>
+  <!--<collection label="Help">
+    <view name="readme"/>
+    <view name="faq" />
+  </collection>-->
+</nav>
diff --git a/default/data/ui/nav/default.xml.nfi_enabled b/default/data/ui/nav/default.xml.nfi_enabled
index cd2a81c0..5f71416c 100755
--- a/default/data/ui/nav/default.xml.nfi_enabled
+++ b/default/data/ui/nav/default.xml.nfi_enabled
@@ -1,113 +1,114 @@
-<nav>
-  <collection label="Splunk for Palo Alto Networks">
-    <view name="pan_overview_switcher_maps" default="true"/>
-    <collection label="Search Palo Alto Data">
-      <a href="flashtimeline">Search</a>
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Traffic Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Threat Data</a>
-      <a href="flashtimeline?q=search%20%60pan_url%60">URL Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_data%60">Data Filtering Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">WildFire Logs</a>
-      <a href="flashtimeline?q=search%20%60pan_config%60">Config Messages</a>
-      <a href="flashtimeline?q=search%20%60pan_system%60">System Logs</a>
-    </collection>
-    <divider />
-    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
-    <divider />
-    <a href="mailto:bd-labs@splunk.com">Send Feedback</a>
-  </collection>
-  
-  <collection label="Traffic">
-    <view name="traffic_overview" />
-    <divider />
-    <view name="web_usage_report" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_traffic%60">Search Traffic Data</a>
-      <divider />
-      <saved source="all" match="PAN - Traffic" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Threat">
-    <view name="threat_overview" />
-    <view name="threat_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_threat%60">Search Threat Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-    <collection label="Content">
-    <view name="content_overview" />
-    <view name="url_filtering" />
-    <view name="data_filtering" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_web_activity%60">Search URL Data</a>
-      <a href="flashtimeline?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
-      <divider />
-      <saved source="all" match="PAN - Threat" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <collection label="WildFire">
-    <view name="wildfire_overview" />
-    <view name="wildfire_detail" />
-    <divider />
-    <collection label="Searches &amp; Reports">
-      <a href="flashtimeline?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
-      <a href="flashtimeline?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
-      <divider />
-      <saved source="all" match="PAN - WildFire" view="flashtimeline" />
-    </collection>
-  </collection>
-  
-  <collection label="Console">
-    <view name="system_overview" />
-    <view name="config_overview" />
-    <divider />
-    <collection label="System Message Reports">
-      <a href="flashtimeline?q=search%20%60pan_system%60">Search System Messages</a>
-      <divider />
-      <saved source="all" match="PAN - System" view="flashtimeline" />
-    </collection>
-    <collection label="Configuration Reports">
-      <a href="flashtimeline?q=search%20%60pan_config%60">Search Config Changes</a>
-      <divider />
-      <saved source="all" match="PAN - Config" view="flashtimeline" />
-    </collection>
-  </collection>
-
-  <collection label="NetFlow">
-    <view name="nfi_about"/>
-    <divider />
-    <view name="nfi_overview"/>
-    <divider />
-    <view name="nfi_top_consumers"/>
-    <view name="nfi_top_destinations"/>
-    <view name="nfi_top_violators"/>
-    <view name="nfi_top_connectors"/>
-    <view name="nfi_top_apps"/>
-    <view name="nfi_top_apps_users"/>
-    <divider />
-    <collection label="Searches">
-      <view name="nfi_search_consumers"/>
-      <view name="nfi_search_destinations"/>
-      <view name="nfi_search_violators"/>
-      <view name="nfi_search_connectors"/>
-      <view name="nfi_search_apps"/>
-      <view name="nfi_search_apps_users"/>
-    </collection>
-    <a href="flashtimeline?q=search%20`nfi_pan_unified`">Timeline</a>
-  </collection>
-  
-  <!-- Search -->
-  <view name="flashtimeline" />
-  <!--<collection label="Help">
-    <view name="readme"/>
-    <view name="faq" />
-  </collection>-->
-</nav>
+<nav search_view="search" color="#004f82">
+  <collection label="Palo Alto Networks">
+    <view name="overview" default="true"/>
+    <collection label="Search Palo Alto Networks Logs">
+      <a href="search">Search</a>
+      <a href="search?q=%60pan_traffic%60">Traffic Logs</a>
+      <a href="search?q=%60pan_threat%60">Threat Data</a>
+      <a href="search?q=%60pan_url%60">URL Logs</a>
+      <a href="search?q=%60pan_data%60">Data Filtering Logs</a>
+      <a href="search?q=%60pan_file%60">File Blocking Logs</a>
+      <a href="search?q=%60pan_wildfire%60">WildFire Logs</a>
+      <a href="search?q=%60pan_config%60">Config Messages</a>
+      <a href="search?q=%60pan_system%60">System Logs</a>
+    </collection>
+    <divider />
+    <a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">Configuration</a>
+    <divider />
+    <a href="http://answers.splunk.com/ask/?appid=491" target="_blank">Send Feedback</a>
+  </collection>
+  
+  <collection label="Traffic">
+    <view name="traffic_overview" />
+    <divider />
+    <view name="web_usage_report" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_traffic%60">Search Traffic Data</a>
+      <divider />
+      <saved source="all" match="PAN - Traffic" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Threat">
+    <view name="threat_overview" />
+    <view name="threat_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_threat%60">Search Threat Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+  
+    <collection label="Content">
+    <view name="content_overview" />
+    <view name="url_filtering_overview" />
+    <view name="data_filtering_overview" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_web_activity%60">Search URL Data</a>
+      <a href="search?q=search%20%60pan_data_filtering%60">Search Data Filtering Data</a>
+      <divider />
+      <saved source="all" match="PAN - Threat" view="search" />
+    </collection>
+  </collection>
+
+  <collection label="WildFire">
+    <view name="wildfire_overview" />
+    <view name="wildfire_detail" />
+    <divider />
+    <collection label="Searches &amp; Reports">
+      <a href="search?q=search%20%60pan_wildfire%60">Search WildFire Log Data</a>
+      <a href="search?q=search%20%60pan_wildfire_report%60">Search WildFire Report Data</a>
+      <divider />
+      <saved source="all" match="PAN - WildFire" view="search" />
+    </collection>
+  </collection>
+  
+  <collection label="Console">
+    <view name="system_overview" />
+    <view name="config_overview" />
+    <divider />
+    <collection label="System Message Reports">
+      <a href="search?q=search%20%60pan_system%60">Search System Messages</a>
+      <divider />
+      <saved source="all" match="PAN - System" view="search" />
+    </collection>
+    <collection label="Configuration Reports">
+      <a href="search?q=search%20%60pan_config%60">Search Config Changes</a>
+      <divider />
+      <saved source="all" match="PAN - Config" view="search" />
+    </collection>
+  </collection>
+
+  <collection label="NetFlow">
+    <view name="nfi_about"/>
+    <divider />
+    <view name="nfi_overview"/>
+    <divider />
+    <view name="nfi_top_consumers"/>
+    <view name="nfi_top_destinations"/>
+    <view name="nfi_top_violators"/>
+    <view name="nfi_top_connectors"/>
+    <view name="nfi_top_apps"/>
+    <view name="nfi_top_apps_users"/>
+    <divider />
+    <collection label="Searches">
+      <view name="nfi_search_consumers"/>
+      <view name="nfi_search_destinations"/>
+      <view name="nfi_search_violators"/>
+      <view name="nfi_search_connectors"/>
+      <view name="nfi_search_apps"/>
+      <view name="nfi_search_apps_users"/>
+    </collection>
+    <a href="flashtimeline?q=search%20`nfi_pan_unified`">Timeline</a>
+  </collection>
+
+  <!-- Search -->
+  <view name="search" stylesheet="application.css"/>
+  <!--<collection label="Help">
+    <view name="readme"/>
+    <view name="faq" />
+  </collection>-->
+</nav>
diff --git a/default/data/ui/views/about.xml b/default/data/ui/views/about.xml
deleted file mode 100755
index f3080921..00000000
--- a/default/data/ui/views/about.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<view template="dashboard.html">
-  <label>About Splunk for Palo Alto Networks</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="navigationHeader">
-    <param name="showActionsMenu">False</param>
-  </module>
-  <module name="ServerSideInclude" layoutPanel="panel_row1_col1">
-    <param name="src">gettingstarted.html</param>
-  </module>
-</view>
diff --git a/default/data/ui/views/ammap_view.xml b/default/data/ui/views/ammap_view.xml
deleted file mode 100755
index d50e7a4e..00000000
--- a/default/data/ui/views/ammap_view.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<view template="dashboard.html">
-  <label>AMMAP View</label>
-  <module name="AccountBar" layoutPanel="appHeader"/>
-  <module name="AppBar" layoutPanel="navigationHeader"/>
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>  
-  <module name="SearchBar" layoutPanel="splSearchControls-inline">
-    <param name="useAssistant">true</param>
-    <param name="useTypeahead">true</param>
-    <param name="useOwnSubmitButton">False</param>
-    <module name="TimeRangePicker">
-      <param name="selected">All time</param>
-      <param name="searchWhenChanged">True</param>
-      <module name="SubmitButton">
-        <param name="allowSoftSubmit">True</param>
-        <module name="ViewRedirector" layoutPanel="viewHeader">
-          <param name="viewTarget">flashtimeline</param>
-        </module>
-      </module>    
-    </module>
-  </module>
-
-  <module name="ServerSideInclude" layoutPanel="panel_row1_col1">
-    <param name="src">ammap.html</param>
-  </module>
-
-
-</view>
diff --git a/default/data/ui/views/config_overview.xml b/default/data/ui/views/config_overview.xml
old mode 100755
new mode 100644
index e6359e0a..8022cdc3
--- a/default/data/ui/views/config_overview.xml
+++ b/default/data/ui/views/config_overview.xml
@@ -1,272 +1,243 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
+<form>
   <label>Config Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader"/>
-  <module name="AppBar" layoutPanel="navigationHeader"/>
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">Config Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into System changes and activity in your Palo Alto Networks
-      environment. Threats can be filtered by type using the form fields.
-    </param>
-  </module>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Admin:</param>
-    <param name="field">admin</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="admin">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="admin">
-          <param name="default"></param>
-          <param name="prefix">admin="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-      <param name="label">Command:</param>
-      <param name="field">cmd</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="cmd">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="cmd">
-            <param name="default"></param>
-            <param name="prefix">cmd="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-        <param name="label">Result:</param>
-        <param name="field">result</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="result">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="result">
-              <param name="default"></param>
-              <param name="prefix">result="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-          <param name="label">Virtual System:</param>
-          <param name="field">vsys</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="vsys">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="vsys">
-                <param name="default"></param>
-                <param name="prefix">vsys="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Client:</param>
-            <param name="field">client</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="client">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="client">
-                  <param name="default"></param>
-                  <param name="prefix">client="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-
-
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-              <param name="label">Host:</param>
-              <param name="field">host</param>
-              <param name="replacementMap">
-                <param name="arg">
-                  <param name="host">
-                    <param name="host"></param>
-                  </param>
-                </param>
-              </param>
-              <param name="intention">
-                <param name="name">stringreplace</param>
-                <param name="arg">
-                  <param name="host">
-                    <param name="default"></param>
-                    <param name="prefix">host="</param>
-                    <param name="suffix">"</param>
-                    <param name="fillOnEmpty">false</param>
-                  </param>
-                </param>
-              </param>
-              <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-                <param name="selected">Last 60 minutes</param>
-                <param name="searchWhenChanged">True</param>
-
-                <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="Latest Events">
-                  <param name="search">| `tstats` count(admin) FROM pan_config WHERE * $host$ $admin$ $client$ $result$
-                    $cmd$ groupby _time result serial_number host admin client cmd configuration_path span=5m | table
-                    _time result serial_number host admin client cmd configuration_path result
-                  </param>
-                  <module name="Paginator">
-                    <param name="count">10</param>
-                    <param name="entityName">results</param>
-                    <module name="SimpleResultsTable">
-                      <param name="drilldown">row</param>
-                      <param name="allowTransformedFieldSelect">True</param>
-                      <param name="drilldown">all</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="_time">./flashtimeline?q=`pan_config` _time="$row._time$"</param>
-                          <param name="result">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` result="$row.result"</param>
-                          <param name="serial_number">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` serial_number="$row.serial_number$"</param>
-                          <param name="host">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` host="$row.host"</param>
-                          <param name="admin">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` admin="$row.admin"</param>
-                          <param name="client">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` client="$row.client"</param>
-                          <param name="configuration_path">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_config` configuration_path="$row.configuration_path"</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col1">
-                  <param name="search">| `tstats` count(cmd) AS cr FROM pan_config WHERE * $host$ $admin$ $client$
-                    $result$ $cmd$ groupby _time cmd span=5m| timechart values(cr) by cmd
-                  </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Config Events Over Time</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` cmd="$click.name2$" earliest=$click.value$ [|
-                            stats count | eval latest = $click.value$ %2b 300 | fields latest]
-                          </param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                  <param name="search">| `tstats` count(admin) AS ca FROM pan_config WHERE * $host$ $admin$ $client$
-                    $result$ $cmd$ groupby _time admin span=5m | timechart values(admin) by admin
-                  </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Configuration Administrators</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` admin="$click.name2$" earliest=$click.value$ [|
-                            stats count | eval latest = $click.value$ %2b 300 | fields latest]
-                          </param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row4_col1">
-                  <param name="search">| `tstats` count(client) AS cc FROM pan_config WHERE * $host$ $admin$ $client$
-                    $result$ $cmd$ $vsys$ groupby client
-                  </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Configuration Clients Used</param>
-                    <param name="chart">pie</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <param name="height">250px</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index`
-                            $click.name$="$click.value$"
-                          </param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row4_col2">
-                  <param name="search">| `tstats` count(result) AS cr FROM pan_config WHERE * $host$ $admin$ $client$
-                    $result$ $cmd$ $vsys$ groupby result
-                  </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Events by Results</param>
-                    <param name="chart">pie</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <param name="height">250px</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index`
-                            $click.name$="$click.value$"
-                          </param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-</view>
\ No newline at end of file
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="dropdown" token="admin">
+      <label>Admin</label>
+      <default></default>
+      <prefix>admin="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="admin" fieldForLabel="admin_with_count">|tstats count(admin) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby admin
+        | eval admin_with_count = admin . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="host">
+      <label>Host</label>
+      <default></default>
+      <prefix>host="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="host" fieldForLabel="host_with_count">|tstats count(host) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby host
+        | eval host_with_count = host . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="client">
+      <label>Client</label>
+      <default></default>
+      <prefix>client="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="client" fieldForLabel="client_with_count">|tstats count(client) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby client
+        | eval client_with_count = client . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="cmd">
+      <label>Command</label>
+      <default></default>
+      <prefix>cmd="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="cmd" fieldForLabel="cmd_with_count">|tstats count(cmd) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby cmd
+        | eval cmd_with_count = cmd . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="result">
+      <label>Result</label>
+      <default></default>
+      <prefix>result="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="result" fieldForLabel="result_with_count">|tstats count(result) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby result
+        | eval result_with_count = result . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_config WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <table>
+      <title>Latest Events</title>
+      <searchString>| tstats count(admin) FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby _time result serial_number host admin client cmd configuration_path | table _time result serial_number host admin client cmd configuration_path result | sort -_time</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link field="_time">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` _time="$row._time$"
+        ]]>
+        </link>
+        <link field="result">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` result="$row.result$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="serial_number">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` serial_number="$row.serial_number$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="host">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` host="$row.host$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="admin">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` admin="$row.admin$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="client">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` client="$row.client$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="configuration_path">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_config` configuration_path="$row.configuration_path$"
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+  <row>
+    <chart>
+      <title>Config Events</title>
+      <searchString>| tstats count(cmd) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$
+                    $result$ $cmd$ $vsys$ groupby _time cmd| timechart values(cr) by cmd</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` protocol="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Configuration Administrators</title>
+      <searchString>| tstats count(admin) AS ca FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby _time admin | timechart values(admin) by admin</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` protocol="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Clients Used</title>
+      <searchString>| tstats count(client) AS cc FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby client</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Results</title>
+      <searchString>| tstats count(result) AS cr FROM pan_config WHERE earliest=$earliest$ latest=$latest$ $host$ $admin$ $client$ $result$ $cmd$ $vsys$ groupby result</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+</form>
diff --git a/default/data/ui/views/content_overview.xml b/default/data/ui/views/content_overview.xml
old mode 100755
new mode 100644
index d95ead5e..39f25d3d
--- a/default/data/ui/views/content_overview.xml
+++ b/default/data/ui/views/content_overview.xml
@@ -1,241 +1,221 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
-  <label>Content Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader"/>
-  <module name="AppBar" layoutPanel="navigationHeader"/>
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">Content Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into various content activity in your Palo Alto Networks environment. Content can be filtered by type using the form fields.</param>
-  </module>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Source IP:</param>
-    <param name="field">src_ip</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="src_ip">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="src_ip">
-          <param name="default"></param>
-          <param name="prefix">src_ip="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-      <param name="label">Destination IP:</param>
-      <param name="field">dst_ip</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="default"></param>
-            <param name="prefix">dst_ip="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-        <param name="label">Content Type:</param>
-        <param name="field">content_type</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="content_type">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="content_type">
-              <param name="default"></param>
-              <param name="prefix">content_type="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-          <param name="label">App:</param>
-          <param name="field">app</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="app">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="app">
-                <param name="default"></param>
-                <param name="prefix">app="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Category:</param>
-            <param name="field">category</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="category">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="category">
-                  <param name="default"></param>
-                  <param name="prefix">category="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-              <param name="label">Virtual System:</param>
-              <param name="field">vsys</param>
-              <param name="replacementMap">
-                <param name="arg">
-                  <param name="vsys">
-                    <param name="value"></param>
-                  </param>
-                </param>
-              </param>
-              <param name="intention">
-                <param name="name">stringreplace</param>
-                <param name="arg">
-                  <param name="vsys">
-                    <param name="default"></param>
-                    <param name="prefix">vsys="</param>
-                    <param name="suffix">"</param>
-                    <param name="fillOnEmpty">false</param>
-                  </param>
-                </param>
-              </param>
-              <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-                <param name="selected">Last 60 minutes</param>
-                <param name="searchWhenChanged">True</param>
-                <module name="ViewRedirectorLink">
-                  <param name="viewTarget">flashtimeline</param>
-                  <param name="label">View Full Report</param>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row2_col1">
-                  <param name="search">| `tstats` count(content_type) AS cc FROM pan_content WHERE * $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time Major_Type span=5m| timechart values(cc) by Major_Type</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Major Content Types</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` content_type="$click.name2$*" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row2_col2">
-                  <param name="search">| `tstats` count(content_type) AS cc FROM pan_content WHERE * $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time content_type span=5m| timechart values(cc) by content_type</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Full Content Types</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` content_type="$click.name2$"  earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Content Types and Apps">
-                  <param name="search">|`tstats` count(content_type) AS cc FROM pan_content WHERE * $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | stats values(cc) AS Count by content_type app | rename app AS Application | rename content_type AS "Content Type"</param>
-                  <module name="Paginator">
-                    <param name="count">10</param>
-                    <param name="entityName">results</param>
-                    <module name="SimpleResultsTable">
-                      <param name="allowTransformedFieldSelect">True</param>
-                      <param name="drilldown">all</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` content_type="$row.Content Type$" app="$row.Application$"</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col2" group="Non-Web Browsing Content Type">
-                  <param name="search">|`tstats` count(content_type) AS cc FROM pan_content WHERE * $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | where app != "web-browsing" | stats values(cc) AS Count by content_type app| rename app AS Application | rename content_type AS "Content Type"</param>
-                  <module name="Paginator">
-                    <param name="count">10</param>
-                    <param name="entityName">results</param>
-                    <module name="SimpleResultsTable">
-                      <param name="allowTransformedFieldSelect">True</param>
-                      <param name="drilldown">all</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` content_type="$row.Content Type$" app="$row.Application$"</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col3" group="Content Types and Web Categories">
-                  <param name="search">|`tstats` count(content_type) AS cc FROM pan_content WHERE * $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby category content_type | stats values(cc) AS Count by content_type category | rename category AS Category | rename content_type AS "Content Type"</param>
-                  <module name="Paginator">
-                    <param name="count">10</param>
-                    <param name="entityName">results</param>
-                    <module name="SimpleResultsTable">
-                      <param name="allowTransformedFieldSelect">True</param>
-                      <param name="drilldown">all</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` content_type="$row.Content Type$" category="$row.Category$"</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-</view>
\ No newline at end of file
+<form>
+  <label>Content Dashboard</label>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+      <prefix>dst_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="content_type">
+      <label>Content Type</label>
+      <default></default>
+      <prefix>content_type="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="content_type" fieldForLabel="content_type_with_count">| tstats count(content_type) as count
+        FROM pan_content WHERE earliest=$earliest$ latest=$latest$ groupby content_type
+        | eval content_type_with_count = content_type . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="category">
+      <label>Category</label>
+      <default></default>
+      <prefix>category="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="category" fieldForLabel="category_with_count">| tstats count(category) as count
+        FROM pan_content WHERE earliest=$earliest$ latest=$latest$ groupby category
+        | eval category_with_count = category . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">| tstats count(app) as count
+        FROM pan_content WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">| tstats count(vsys) as count
+        FROM pan_content WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>Major Content Types</title>
+      <searchString>| tstats count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time Major_Type| timechart values(cc) by Major_Type</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` content_type="$click.name2$*" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Full Content Types</title>
+      <searchString>| tstats count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby _time content_type| timechart values(cc) by content_type</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` content_type="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <table>
+      <title>Content Types and Apps</title>
+      <searchString>| tstats count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | stats values(cc) AS Count by content_type app | sort -Count | rename app AS Application | rename content_type AS "Content Type"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="list.drilldown">full</option>
+      <option name="list.wrap">1</option>
+      <option name="maxLines">5</option>
+      <option name="raw.drilldown">full</option>
+      <option name="rowNumbers">0</option>
+      <option name="table.drilldown">1</option>
+      <option name="table.sortDirection">asc</option>
+      <option name="table.wrap">1</option>
+      <option name="type">list</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` content_type="$row.Content Type$" app="$row.Application$"&earliest=$earliest$&latest=$latest$
+      ]]>
+        </link>
+      </drilldown>
+    </table>
+    <table>
+      <title>Non-Web Browsing Content Types</title>
+      <searchString>| tstats count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby app content_type | where app != "web-browsing" | stats values(cc) AS Count by content_type app | sort -Count | rename app AS Application | rename content_type AS "Content Type"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` content_type="$row.Content Type$" app="$row.Application$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+    <table>
+      <title>Content Types and Web Categories</title>
+      <searchString>| tstats count(content_type) AS cc FROM pan_content WHERE earliest=$earliest$ latest=$latest$ $vsys$ $app$ $category$ $dst_ip$ $src_ip$ $content_type$ groupby category content_type | stats values(cc) AS Count by content_type category | sort -Count | rename category AS Category | rename content_type AS "Content Type"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` content_type="$row.Content Type$" category="$row.Category$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+</form>
diff --git a/default/data/ui/views/data_filtering.xml b/default/data/ui/views/data_filtering.xml
deleted file mode 100755
index c639b19b..00000000
--- a/default/data/ui/views/data_filtering.xml
+++ /dev/null
@@ -1,276 +0,0 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
-  <label>Data Filtering Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">Data Filtering Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into data filetering activity in your Palo Alto Networks environment. Threats can be filtered by type using the form fields.</param>
-  </module>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp1">
-    <param name="label">Source IP:</param>
-    <param name="field">src_ip</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="src_ip">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="src_ip">
-          <param name="default"></param>
-          <param name="prefix">src_ip="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp1">
-      <param name="label">Destination IP:</param>
-      <param name="field">dst_ip</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="default"></param>
-            <param name="prefix">dst_ip="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp2">
-        <param name="label">Action:</param>
-        <param name="field">action</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="action">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="action">
-              <param name="default"></param>
-              <param name="prefix">action="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-       <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp3">
-        <param name="label">User:</param>
-        <param name="field">src_user</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="src_user">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="src_user">
-              <param name="default"></param>
-              <param name="prefix">src_user="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp4">
-            <param name="label">Virtual System:</param>
-            <param name="field">vsys</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="vsys">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="vsys">
-                  <param name="default"></param>
-                  <param name="prefix">vsys="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-
-                 <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp2">
-           <param name="label">Location:</param>
-            <param name="field">dst_location</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="dst_location">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="dst_location">
-                  <param name="default"></param>
-                  <param name="prefix">dst_location="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-         <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp3">
-          <param name="label">App:</param>
-          <param name="field">app</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="app">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="app">
-                <param name="default"></param>
-                <param name="prefix">app="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp4">
-            <param name="label">Threat ID:</param>
-            <param name="field">threat_id</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="threat_id">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="threat_id">
-                  <param name="default"></param>
-                  <param name="prefix">threat_id="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-            <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-              <param name="selected">Last 60 minutes</param>
-              <param name="searchWhenChanged">True</param>
-                <module name="HiddenSearch" group="Data Events" layoutPanel="panel_row3_col1">
-                  <param name="search">| `tstats` count(action) AS ca FROM pan_data WHERE * $src_user$ $dst_location$ $src_ip$ $dst_ip$ $app$ $threat_id$ $action$ $vsys$ groupby _time action span=5m| timechart values(ca) by action</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Action</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` action="$click.name2$"  earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                  <param name="search">| `tstats` count(app) AS ca FROM pan_data WHERE * $src_user$ $dst_location$ $src_ip$ $dst_ip$ $app$ $threat_id$ $action$ $vsys$ groupby _time app span=5m| timechart values(ca) by app</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Application</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` app="$click.name2$"  earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row4_col1" group="Data Filter Events by Application">
-                  <param name="search">| `tstats` count(action) AS ca FROM pan_data WHERE * $src_user$ $dst_location$ $src_ip$ $dst_ip$ $app$ $threat_id$ $action$ $vsys$ groupby threat_id action src_ip app|
-                   stats values(ca) AS "Count" by threat_id action src_ip app | 
-                   rename threat_id AS "Threat ID" | 
-                   rename action AS Action | 
-                   rename src_ip AS "Source" |
-                   rename app AS Application </param>
-                  <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="allowTransformedFieldSelect">True</param>
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` threat_id="$row.Threat ID$" action="$row.Action$" src_ip="$row.Source$" app="$row.Application$" </param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-                <module name="HiddenSearch" layoutPanel="panel_row4_col2" group="Data Filter Events by Destination">
-                  <param name="search">| `tstats` count(action) AS ca FROM pan_data WHERE * $src_user$ $dst_location$ $src_ip$ $dst_ip$ $app$ $threat_id$ $action$ $vsys$ groupby action src_ip dst_ip dst_location |
-                   stats values(ca) AS "Count" by action src_ip dst_ip dst_location | 
-                   rename dst_ip AS "Destination" | 
-                   rename dst_location AS "Location" | 
-                   rename src_ip AS "Source" |
-                   rename app AS Application </param>
-                  <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="allowTransformedFieldSelect">True</param>
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` dst_ip="$row.Destination$" dst_location="$row.Location$" src_ip="$row.Source$" </param>
-                      </param>
-                    </module>
-                    </module>
-                  </module>
-                </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-</module>
-</module>
-</view>
diff --git a/default/data/ui/views/data_filtering_overview.xml b/default/data/ui/views/data_filtering_overview.xml
new file mode 100644
index 00000000..6c62128a
--- /dev/null
+++ b/default/data/ui/views/data_filtering_overview.xml
@@ -0,0 +1,186 @@
+<form>
+  <label>Data Filtering Dashboard</label>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+      <prefix>dst_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="src_user">
+      <label>Source User</label>
+      <default></default>
+      <prefix>src_user="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">|tstats count(app) as count
+        FROM pan_data WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="action">
+      <label>Action</label>
+      <default></default>
+      <prefix>action="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="action" fieldForLabel="action_with_count">|tstats count(action) as count
+        FROM pan_data WHERE earliest=$earliest$ latest=$latest$ groupby action
+        | eval action_with_count = action . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_data WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>Data Events</title>
+      <searchString>| tstats count(action) AS ca FROM pan_data WHERE earliest=$earliest$ latest=$latest$ $src_user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ groupby _time action| timechart values(ca) by action</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+          /app/SplunkforPaloAltoNetworks/search?q=`pan_index` action="$click.name2$"  earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]
+      ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Application</title>
+      <searchString>| tstats count(app) AS ca FROM pan_data WHERE earliest=$earliest$ latest=$latest$ $src_user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ groupby _time app| timechart values(ca) by app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` app="$click.name2$"  earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <table>
+      <title>Data Filter Events by Application</title>
+      <searchString>| tstats count(action) AS ca FROM pan_data WHERE earliest=$earliest$ latest=$latest$ $src_user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ groupby threat_id action src_ip app | stats values(ca) AS "Count" by threat_id action src_ip app | sort -Count | rename threat_id AS "Threat ID" | rename action AS Action | rename src_ip AS "Source" | rename app AS Application</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="list.drilldown">full</option>
+      <option name="list.wrap">1</option>
+      <option name="maxLines">5</option>
+      <option name="raw.drilldown">full</option>
+      <option name="rowNumbers">0</option>
+      <option name="table.drilldown">1</option>
+      <option name="table.sortDirection">asc</option>
+      <option name="table.wrap">1</option>
+      <option name="type">list</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` threat_id="$row.Threat ID$" action="$row.Action$" src_ip="$row.Source$" app="$row.Application$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+    <table>
+      <title>Data Filter Events by Destination</title>
+      <searchString>| tstats count(action) AS ca FROM pan_data WHERE earliest=$earliest$ latest=$latest$ $src_user$ $src_ip$ $dst_ip$ $app$ $action$ $vsys$ groupby action src_ip dst_ip dst_location | stats values(ca) AS "Count" by action src_ip dst_ip dst_location | sort -Count | rename dst_ip AS "Destination" | rename dst_location AS "Location" | rename src_ip AS "Source" | rename app AS Application</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` dst_ip="$row.Destination$" dst_location="$row.Location$" src_ip="$row.Source$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+</form>
diff --git a/default/data/ui/views/faq.xml b/default/data/ui/views/faq.xml
deleted file mode 100644
index 3a02a618..00000000
--- a/default/data/ui/views/faq.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<view template="dashboard.html"> <label>FAQ</label> 
-    <module name="AccountBar" layoutPanel="appHeader"/> 
-    <module name="AppBar" layoutPanel="navigationHeader"/> 
-    <module name="ServerSideInclude" layoutPanel="panel_row1_col1"> 
-        <param name="src">faq.html</param> 
-    </module> 
-</view>
diff --git a/default/data/ui/views/nfi_overview.xml b/default/data/ui/views/nfi_overview.xml
index b2c435b9..37d83db1 100644
--- a/default/data/ui/views/nfi_overview.xml
+++ b/default/data/ui/views/nfi_overview.xml
@@ -1,5 +1,5 @@
 <view template="dashboard.html">
-  <label>Overview</label>
+  <label>NetFlow Overview</label>
   <module name="AccountBar" layoutPanel="appHeader"/>
   <module name="AppBar" layoutPanel="navigationHeader"/>
   <module name="Message" layoutPanel="messaging">
diff --git a/default/data/ui/views/overview.xml b/default/data/ui/views/overview.xml
new file mode 100644
index 00000000..5e3af34c
--- /dev/null
+++ b/default/data/ui/views/overview.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="utf-8"?><dashboard>
+  <label>Overview</label>
+  <description/>
+  <row>
+    <single>
+      <searchString>`pan_index` | stats dc(host)</searchString>
+      <earliestTime>rt-30s</earliestTime>
+      <latestTime>rt</latestTime>
+      <option name="classField">None</option>
+      <option name="underLabel">PAN Reporting</option>
+      <option name="linkView">search</option>
+    </single>
+    <single>
+      <searchString>`pan_index` | stats count</searchString>
+      <earliestTime>rt-30s</earliestTime>
+      <latestTime>rt</latestTime>
+      <option name="classField">None</option>
+      <option name="underLabel">Total Events</option>
+      <option name="linkView">search</option>
+    </single>
+    <single>
+      <searchString>`pan_index` action=block* OR action=deny | stats count</searchString>
+      <earliestTime>rt-30s</earliestTime>
+      <latestTime>rt</latestTime>
+      <option name="classField">None</option>
+      <option name="underLabel">Total Blocks</option>
+      <option name="linkView">search</option>
+    </single>
+    <single>
+      <searchString>`pan_index` sourcetype=pan_traffic NOT any| top limit=1 category</searchString>
+      <earliestTime>rt-30s</earliestTime>
+      <latestTime>rt</latestTime>
+      <option name="classField">None</option>
+      <option name="underLabel">Top Category</option>
+      <option name="linkView">search</option>
+    </single>
+  </row>
+  <row>
+    <chart>
+      <title>Event Types</title>
+      <searchString>`pan_index` sourcetype="pan_*" log_subtype="*" | timechart span=10s count by log_subtype</searchString>
+      <earliestTime>rt-5m</earliestTime>
+      <latestTime>rt</latestTime>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.gaugeAutoRanges">1</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="classField">None</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="displayRowNumbers">false</option>
+      <option name="drilldown">cell</option>
+      <option name="histogram">0</option>
+      <option name="list.drilldown">full</option>
+      <option name="list.wrap">1</option>
+      <option name="maxLines">5</option>
+      <option name="raw.drilldown">full</option>
+      <option name="rowNumbers">0</option>
+      <option name="table.drilldown">0</option>
+      <option name="table.sortDirection">asc</option>
+      <option name="table.wrap">1</option>
+      <option name="type">list</option>
+      <option name="wrap">true</option>
+      <option name="count">10</option>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.axisTitleY.text">Events</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+              /app/SplunkforPaloAltoNetworks/search?q=`pan_index` sourcetype="pan_*" log_subtype="$click.name2$"&earliest=-5m&latest=now
+              ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <table>
+      <title>Top Applications</title>
+      <searchName>PAN - Traffic - Applications</searchName>
+      <option name="afterLabel">Total Events</option>
+      <option name="classField">None</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="drilldown">cell</option>
+      <option name="wrap">false</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+              /app/SplunkforPaloAltoNetworks/search?q=`pan_index` sourcetype="pan_traffic" app="$click.value$"&earliest=-5m&latest=now
+              ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+  <row>
+    <map>
+      <title>Applications by Destination IP Location</title>
+      <searchString>`pan_traffic` | iplocation "dst_ip" | geostats count by app</searchString>
+      <earliestTime>rt-5m</earliestTime>
+      <latestTime>rt</latestTime>
+    </map>
+  </row>
+</dashboard>
\ No newline at end of file
diff --git a/default/data/ui/views/pan_overview_switcher_maps.xml b/default/data/ui/views/pan_overview_switcher_maps.xml
deleted file mode 100755
index 88af9435..00000000
--- a/default/data/ui/views/pan_overview_switcher_maps.xml
+++ /dev/null
@@ -1,222 +0,0 @@
-<view template="dashboard.html" stylesheet="pan_overview.css" refresh="600">
-  <label>PAN Overview</label>
-  <module name="AccountBar" layoutPanel="appHeader"/>
-  <module name="AppBar" layoutPanel="navigationHeader"/>
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>  
-
-  <module name="NullModule" layoutPanel="panel_row1_col1" autoRun="True">
-  <module name="HiddenSearch" layoutPanel="panel_row1_col1_grp1" autoRun="True">
-    <param name="search"> `pan_index` | stats dc(host)</param>
-    <param name="earliest">rt-30s</param>
-    <param name="latest">rt</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList">
-        <item>field</item>
-        <item>afterLabel</item>
-        <item>classField</item>
-      </param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator">
-          <module name="SingleValue">
-            <param name="field">dc(host)</param>
-            <param name="afterLabel">PAN Reporting</param>
-            <param name="classField">range</param>
-            <module name="Gimp"/>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-
-<module name="HiddenSearch" layoutPanel="panel_row1_col1_grp2" autoRun="True">
-    <param name="search">`pan_index` | stats count</param>
-    <param name="earliest">rt-30s</param>
-    <param name="latest">rt</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList">
-        <item>field</item>
-        <item>afterLabel</item>
-        <item>classField</item>
-      </param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator">
-          <module name="SingleValue">
-            <param name="field">count</param>
-            <param name="afterLabel">Events</param>
-            <param name="classField">range</param>
-            <module name="Gimp"/>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-  
-  <module name="HiddenSearch" layoutPanel="panel_row1_col1_grp3" autoRun="True">
-    <param name="search">`pan_index` sourcetype=pan_threat action=block-url | stats count</param>
-    <param name="earliest">rt-30s</param>
-    <param name="latest">rt</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList">
-        <item>field</item>
-        <item>afterLabel</item>
-        <item>classField</item>
-      </param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator">
-          <module name="SingleValue">
-            <param name="field">count</param>
-            <param name="afterLabel">Block-URL</param>
-            <param name="classField">range</param>
-            <module name="Gimp"/>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-  
-    <module name="HiddenSearch" layoutPanel="panel_row1_col1_grp4" autoRun="True">
-    <param name="search">`pan_index` sourcetype=pan_threat | stats count by category | sort -count | head 1</param>
-    <param name="earliest">rt-30s</param>
-    <param name="latest">rt</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList">
-        <item>field</item>
-        <item>afterLabel</item>
-        <item>classField</item>
-      </param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator">
-          <module name="SingleValue">
-            <param name="field">category</param>
-            <param name="afterLabel">Top Category</param>
-            <param name="classField">range</param>
-            <module name="Gimp"/>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-</module>
-  
-  <module name="LinkSwitcher" layoutPanel="panel_row2_col1">
-    <param name="mode">independent</param>
-    <param name="label">Maps</param>
-    
-    <module name="HiddenSearch" layoutPanel="panel_row2_col1" autoRun="true">
-  	 <param name="groupLabel">Google Map</param>
-     <param name="search">`pan_index` sourcetype="pan_traffic" | rename dst_ip as clientip| localop | geoip clientip</param>
-  	 <param name="earliest">rt-5m</param>
-   	 <param name="latest">rt</param>
-      
-      <module name="GoogleMaps" layoutPanel="panel_row2_col1">
-        <param name="mapStyles">roadmap,terrain,satellite</param>
-        <param name="mapType">roadmap</param>
-        <param name="drilldown">true</param>
-        <param name="overlay">clusters</param>
-        <param name="overlay.style">m</param>
-        <param name="overlay.opacity">0.75</param>
-        <param name="overlay.rangeMap">0, 100, 500, 1000, 10000</param>
-        <param name="overlay.roundQuantity">true</param>
-        <param name="height">500px</param>
-        <param name="scrollwheel">on</param>
-           
-        <module name="GeoDrilldown" layoutPanel="panel_row2_col1">
-            <module name="ViewRedirector">
-                <param name="popup">true</param>
-                <param name="viewTarget">flashtimeline</param>
-            </module>
-        </module>
-    </module>
-</module>
-  
-    <module name="HiddenSearch" autoRun="True">
-      <param name="groupLabel">Ammap</param>
-    <param name="search">`pan_index` sourcetype="pan_traffic" | stats count by dst_ip | eval count_label="Event" | eval iterator="dst_ip" | eval iterator_label="IP" | eval movie_color="#33CCFF" | eval output_file="realtime_threat_data.xml" | eval app="SplunkforPaloAltoNetworks" | lookup geoip clientip as dst_ip | mapit</param>
-    <param name="earliest">rt-30s</param>
-    <param name="latest">rt</param>
-  <module name="ServerSideInclude" layoutPanel="panel_row2_col1">
-    <param name="src">realtime_ammap.html</param>
-  </module>
-	<module name="JobProgressIndicator"/>
-</module>
-
-</module>
-
-<module name="HiddenSearch" layoutPanel="panel_row2_col2" autoRun="True">
-    <param name="search">`pan_index` sourcetype=pan_* log_subtype=* | timechart span=10s count by log_subtype</param>
-    <param name="earliest">rt-5m</param>
-    <param name="latest">rt</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList">
-        <item>charting.chart</item>
-      </param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator">
-          <module name="EnablePreview">
-            <param name="enable">True</param>
-            <param name="display">False</param>
-            <module name="HiddenChartFormatter">
-              <param name="chartTitle">Event Types</param>
-              <param name="primaryAxisTitle.text"> </param>
-              <param name="charting.chart">area</param>
-              <param name="charting.chart.stackMode">stacked</param>
-              <param name="charting.chart.nullValueMode">gaps</param>
-              <param name="charting.secondaryAxisTitle.text">Events</param>
-              <module name="JSChart">
-                <param name="width">100%</param>
-                <module name="SimpleDrilldown">
-                  <param name="links">
-                    <param name="*">./flashtimeline?q=`pan_index` log_subtype="$click.name2$" [| stats count | eval latest = $click.value$ %2b 10 | fields latest] earliest = $click.value$</param>
-                  </param>
-                </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-  
-    <module name="HiddenSavedSearch" layoutPanel="panel_row2_col2" autoRun="True">
-    <param name="savedSearch">PAN - Traffic - Applications</param>
-    <module name="ViewstateAdapter">
-      <param name="suppressionList"/>
-      <param name="savedSearch">PAN - Traffic - Applications</param>
-      <module name="HiddenFieldPicker">
-        <param name="strictMode">True</param>
-        <module name="JobProgressIndicator"/>
-        <module name="Paginator">
-          <param name="count">10</param>
-          <param name="entityName">results</param>
-          <module name="EnablePreview">
-            <param name="enable">True</param>
-            <param name="display">False</param>
-            <module name="SimpleResultsTable">
-              <param name="entityName">results</param>
-              <param name="allowTransformedFieldSelect">True</param>
-              <param name="drilldown">all</param>
-              <module name="SimpleDrilldown">
-                <param name="links">
-                  <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` app="$row.Application$" vsys="$row.VSYS$" src_zone="$row.Source Zone$"</param>
-                </param>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-  </module>
-
-</view>
\ No newline at end of file
diff --git a/default/data/ui/views/readme.xml b/default/data/ui/views/readme.xml
deleted file mode 100644
index 9dda148e..00000000
--- a/default/data/ui/views/readme.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<view template="dashboard.html"> <label>Readme</label> 
-    <module name="AccountBar" layoutPanel="appHeader"/> 
-    <module name="AppBar" layoutPanel="navigationHeader"/> 
-    <module name="ServerSideInclude" layoutPanel="panel_row1_col1"> 
-        <param name="src">README.html</param> 
-    </module> 
-</view>
diff --git a/default/data/ui/views/system_overview.xml b/default/data/ui/views/system_overview.xml
old mode 100755
new mode 100644
index 76e457d1..7020b529
--- a/default/data/ui/views/system_overview.xml
+++ b/default/data/ui/views/system_overview.xml
@@ -1,211 +1,169 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
+<form>
   <label>System Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">System Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into System changes and activity in your Palo Alto Networks environment. Threats can be filtered by type using the form fields.</param>
-  </module>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-        <param name="label">Log Subtype:</param>
-        <param name="field">log_subtype</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="log_subtype">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="log_subtype">
-              <param name="default"></param>
-              <param name="prefix">log_subtype="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-          <param name="label">Event Id:</param>
-          <param name="field">event_id</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="event_id">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="event_id">
-                <param name="default"></param>
-                <param name="prefix">event_id="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Serial Number:</param>
-    <param name="field">serial_number</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="serial_number">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="serial_number">
-          <param name="default"></param>
-          <param name="prefix">serial_number="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <!--<module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-      <param name="label">Virtual System:</param>
-      <param name="field">vsys</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="vsys">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="vsys">
-            <param name="default"></param>
-            <param name="prefix">vsys="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-        -->
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Severity:</param>
-            <param name="field">severity</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="severity">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="severity">
-                  <param name="default"></param>
-                  <param name="prefix">severity="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param><module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Description:</param>
-            <param name="field">description</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="description">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="description">
-                  <param name="default"></param>
-                  <param name="prefix">description="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-            <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-              <param name="selected">Last 60 minutes</param>
-              <param name="searchWhenChanged">True</param>
-              
-                <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="Latest Events">
-                <param name="search">| `tstats` count(description) AS cls FROM pan_system WHERE * $serial_number$ $description$ $log_subtype$ $severity$ $event_id$ groupby _time serial_number description log_subtype severity event_id span=5m |
-                  table _time serial_number description log_subtype severity event_id</param>
-                <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="_time">./flashtimeline?q=`pan_index` _time="$row._time$"</param>
-                        <param name="serial_number">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` serial_number="$row.serial_number$"</param>
-                        <param name="description">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` description="$row.description$"</param>
-                        <param name="log_subtype">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` log_subtype="$row.log_subtype$"</param>
-                        <param name="severity">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` severity="$row.severity$"</param>
-                        <param name="event_id">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` event_id="$row.event_id$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col1">
-                  <param name="search">|`tstats` count(log_subtype) AS ce FROM pan_system WHERE * $serial_number$ $description$ $log_subtype$ $severity$ $event_id$ groupby _time log_subtype span=5m | timechart values(ce) by log_subtype</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">System Events Over Time</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` log_subtype="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                  <param name="search">| `tstats` count(severity) AS cs FROM pan_system WHERE * $serial_number$ $description$ $log_subtype$ $severity$ $event_id$  groupby _time severity span=5m | timechart values(cs) by severity </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Severity over Time</param>
-                    <param name="chart">column</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_index` severity="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-</view>
\ No newline at end of file
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="dropdown" token="log_subtype">
+      <label>Log Subtype</label>
+      <default></default>
+      <prefix>log_subtype="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="log_subtype" fieldForLabel="log_subtype_with_count">|tstats count(log_subtype) as count
+        FROM pan_system WHERE earliest=$earliest$ latest=$latest$ groupby log_subtype
+        | eval log_subtype_with_count = log_subtype . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="event_id">
+      <label>Event ID</label>
+      <default></default>
+      <prefix>event_id="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="event_id" fieldForLabel="event_id_with_count">|tstats count(event_id) as count
+        FROM pan_system WHERE earliest=$earliest$ latest=$latest$ groupby event_id
+        | eval event_id_with_count = event_id . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="serial_number">
+      <label>Serial Number</label>
+      <default></default>
+      <prefix>serial_number="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="serial_number" fieldForLabel="serial_number_with_count">|tstats count(serial_number) as count
+        FROM pan_system WHERE earliest=$earliest$ latest=$latest$ groupby serial_number
+        | eval serial_number_with_count = serial_number . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="severity">
+      <label>Severity</label>
+      <default></default>
+      <prefix>severity="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="severity" fieldForLabel="severity_with_count">|tstats count(severity) as count
+        FROM pan_system WHERE earliest=$earliest$ latest=$latest$ groupby severity
+        | eval severity_with_count = severity . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="text" token="description">
+      <label>Description</label>
+      <default></default>
+      <prefix>description="</prefix>
+      <suffix>"</suffix>
+    </input>
+  </fieldset>
+  <row>
+    <table>
+      <title>Latest Events</title>
+      <searchString>| tstats count(description) AS cls FROM pan_system WHERE earliest=$earliest$ latest=$latest$ $serial_number$ $description$ $log_subtype$ $severity$ $event_id$ groupby _time serial_number description log_subtype severity event_id | table _time serial_number description log_subtype severity event_id | sort -_time</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">cell</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link field="_time">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` _time="$row._time$"
+        ]]>
+        </link>
+        <link field="serial_number">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` serial_number="$row.serial_number$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="description">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` description="$row.description$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="log_subtype">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` log_subtype="$row.log_subtype$"&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="severity">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` severity="$row.severity$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="event_id">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` event_id="$row.event_id$"
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+  <row>
+    <chart>
+      <title>System Events Over Time</title>
+      <searchString>| tstats count(log_subtype) AS ce FROM pan_system WHERE earliest=$earliest$ latest=$latest$ $serial_number$ $description$ $log_subtype$ $severity$ $event_id$ groupby _time log_subtype | timechart values(ce) by log_subtype</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` log_subtype="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Severity</title>
+      <searchString>| tstats count(severity) AS cs FROM pan_system WHERE earliest=$earliest$ latest=$latest$ $serial_number$ $description$ $log_subtype$ $severity$ $event_id$  groupby _time severity | timechart values(cs) by severity</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` severity="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+</form>
diff --git a/default/data/ui/views/threat_detail.xml b/default/data/ui/views/threat_detail.xml
old mode 100755
new mode 100644
index f5fdace5..1c4ec7a6
--- a/default/data/ui/views/threat_detail.xml
+++ b/default/data/ui/views/threat_detail.xml
@@ -1,216 +1,166 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
-    <label>Threat Details</label>
-    <module name="AccountBar" layoutPanel="appHeader"/>
-    <module name="AppBar" layoutPanel="navigationHeader"/>
-    <module name="Message" layoutPanel="messaging">
-        <param name="filter">*</param>
-        <param name="clearOnJobDispatch">False</param>
-        <param name="maxSize">1</param>
-    </module>
-    <module name="TitleBar" layoutPanel="viewHeader">
-        <param name="actionsMenuFilter">dashboard</param>
-    </module>
-    <module name="GenericHeader" layoutPanel="panel_row1_col1_grp1">
-        <param name="label">Threat Details</param>
-    </module>
-    <module name="StaticContentSample" layoutPanel="panel_row1_col1_grp1">
-        <param name="text">This dashboard provides additional detail on traffic generated by activities related to threats.
-        </param>
-    </module>
-    <!--
-    Bytes By dst_hostname
-    Bytes by User
-
-    Table: stats sum(bytes) sum(elapsed_time) by user, application dst_hostname
-    -->
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp1">
-            <param name="label">Threat:</param>
-            <param name="field">threat</param>
-            <param name="replacementMap">
-                <param name="arg">
-                    <param name="threat">
-                        <param name="value"></param>
-                    </param>
-                </param>
-            </param>
-            <param name="intention">
-                <param name="name">stringreplace</param>
-                <param name="arg">
-                    <param name="threat">
-                        <param name="prefix">Threat="</param>
-                        <param name="suffix">"</param>
-                        <param name="fillOnEmpty">False</param>
-                    </param>
-                </param>
-            </param>
-
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp2">
-                <param name="label">User:</param>
-                <param name="field">user</param>
-                <param name="replacementMap">
-                    <param name="arg">
-                        <param name="user">
-                            <param name="value"></param>
-                        </param>
-                    </param>
-                </param>
-                <param name="intention">
-                    <param name="name">stringreplace</param>
-                    <param name="arg">
-                        <param name="user">
-                            <param name="prefix">User="</param>
-                            <param name="suffix">"</param>
-                            <param name="fillOnEmpty">False</param>
-                        </param>
-                    </param>
-                </param>
-
-                <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp3">
-                    <param name="label">Application:</param>
-                    <param name="field">application</param>
-                    <param name="replacementMap">
-                        <param name="arg">
-                            <param name="application">
-                                <param name="value"></param>
-                            </param>
-                        </param>
-                    </param>
-                    <param name="intention">
-                        <param name="name">stringreplace</param>
-                        <param name="arg">
-                            <param name="application">
-                                <param name="prefix">Application="</param>
-                                <param name="suffix">"</param>
-                                <param name="fillOnEmpty">False</param>
-                            </param>
-                        </param>
-                    </param>
-
-                    <module name="ExtendedFieldSearch" layoutPanel="panel_row2_col1_grp4">
-                        <param name="label">Location:</param>
-                        <param name="field">location</param>
-                        <param name="replacementMap">
-                            <param name="arg">
-                                <param name="location">
-                                    <param name="value"></param>
-                                </param>
-                            </param>
-                        </param>
-                        <param name="intention">
-                            <param name="name">stringreplace</param>
-                            <param name="arg">
-                                <param name="location">
-                                    <param name="prefix">Location="</param>
-                                    <param name="suffix">"</param>
-                                    <param name="fillOnEmpty">False</param>
-                                </param>
-                            </param>
-                        </param>
-
-                        <module name="TimeRangePicker" layoutPanel="panel_row1_col1_grp1" autoRun="True">
-                            <param name="selected">Last 60 minutes</param>
-                            <param name="searchWhenChanged">True</param>
-                            <module name="ViewRedirectorLink">
-                                <param name="viewTarget">flashtimeline</param>
-                                <param name="label">View Full Report</param>
-                            </module>
-
-                            <module name="HiddenSearch" layoutPanel="panel_row3_col1" autoRun="True">
-                                <param name="search">
-                                    | `tstats` count(Location) from pan_threatDetail where * $threat$ $user$ $application$ $location$ groupby Location Bytes| eval KB=Bytes/1024 |
-                                    stats sum(KB) as "Total Bytes (KB)" by Location |
-                                    sort -"Total Bytes (KB)"
-                                </param>
-                                <module name="HiddenChartFormatter">
-                                    <param name="chartTitle">Top Locations by KBytes</param>
-                                    <param name="chart">pie</param>
-                                    <param name="legend.placement">bottom</param>
-                                    <param name="charting.chart.sliceCollapsingThreshold">0</param>
-                                    <param name="charting.data.count">15</param>
-                                    <module name="JSChart">
-                                        <param name="width">100%</param>
-                                        <param name="height">250px</param>
-                                        <param name="enableResize">False</param>
-                                        <module name="SimpleDrilldown">
-                                            <param name="links">
-                                                <param name="*">
-                                                    threat_detail?form.location=$click.value$
-                                                </param>
-                                            </param>
-                                        </module>
-                                    </module>
-                                </module>
-                            </module>
-                            <module name="HiddenSearch" layoutPanel="panel_row3_col2" autoRun="True">
-                                <param name="search">| `tstats` count(User) from pan_threatDetail where * $threat$ $user$ $application$ $location$ groupby User Bytes|
-                                    eval KB=Bytes/1024 |
-                                    stats sum(KB) as "Transferred (KB)" by User |
-                                    sort -"Transferred (KB)"
-                                </param>
-                                <module name="HiddenChartFormatter">
-                                    <param name="chartTitle">Top Users by KBytes Transferred</param>
-                                    <param name="chart">pie</param>
-                                    <param name="legend.placement">bottom</param>
-                                    <param name="charting.chart.sliceCollapsingThreshold">0</param>
-                                    <param name="charting.data.count">15</param>
-                                    <module name="JSChart">
-                                        <param name="width">100%</param>
-                                        <param name="height">250px</param>
-                                        <param name="enableResize">False</param>
-                                        <module name="SimpleDrilldown">
-                                            <param name="links">
-                                                <param name="*">
-                                                    threat_detail?form.user=$click.value$
-                                                </param>
-                                            </param>
-                                        </module>
-                                    </module>
-                                </module>
-                            </module>
-
-                            <module name="GenericHeader" layoutPanel="panel_row4_col1">
-                                <param name="label">Bytes Transferred and Duration by users</param>
-                            </module>
-                            <module name="HiddenSearch" layoutPanel="panel_row4_col1" autoRun="True">
-                                <param name="search">| `tstats` count(User) from pan_threatDetail where * $threat$ $user$ $application$ $location$ groupby User Bytes Duration Application Location|
-                                    eval KB=Bytes/1024 |
-                                    stats sum(KB) as "Transfer (KB)"
-                                          sum(Duration) as "Total Duration"
-                                       by User Application Location
-                                </param>
-                                <module name="Paginator">
-                                    <param name="entityName">results</param>
-                                    <module name="SimpleResultsTable"/>
-                                </module>
-                            </module>
-
-                            <module name="GenericHeader" layoutPanel="panel_row5_col1">
-                                <param name="label">Threats by Bytes Transferred and Sessions</param>
-                            </module>
-                            <module name="HiddenSearch" layoutPanel="panel_row5_col1" autoRun="True">
-                                <param name="search">| `tstats` count(Session) from pan_threatDetail where * $threat$ $user$ $application$ $location$ groupby Session Bytes Threat|
-                                    eval KB=Bytes/1024 |
-                                    stats sum(KB) as "Transfer (KB)"
-                                    count(Session) as "Total Sessions"
-                                    by Threat
-                                </param>
-                                <module name="Paginator">
-                                    <param name="entityName">results</param>
-                                    <module name="SimpleResultsTable">
-                                        <param name="drilldown">row</param>
-                                        <module name="SimpleDrilldown">
-                                            <param name="links">
-                                                <param name="*">
-                                                    threat_detail?form.threat=$click.value$
-                                                </param>
-                                            </param>
-                                        </module>
-                                    </module>
-                                </module>
-                            </module>
-                        </module>
-                    </module>
-                </module>
-            </module>
-        </module>
-</view>
\ No newline at end of file
+<form>
+  <label>Threat Details</label>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="threat">
+      <label>Threat</label>
+      <default></default>
+      <prefix>Threat="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="user">
+      <label>User</label>
+      <default></default>
+      <prefix>User="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="application">
+      <label>Application</label>
+      <default></default>
+      <prefix>Application="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="location">
+      <label>Location</label>
+      <default></default>
+      <prefix>Location="</prefix>
+      <suffix>"</suffix>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>Locations by Kilobytes</title>
+      <searchString>| tstats count(Location) FROM pan_threatDetail WHERE earliest=$earliest$ latest=$latest$ $threat$ $user$ $application$ $location$ groupby Location Bytes| eval KB=Bytes/1024 |
+                                    stats sum(KB) as "Total Bytes (KB)" by Location |
+                                    sort -"Total Bytes (KB)"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
+      <option name="charting.legend.placement">bottom</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">false</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">cell</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.location=$click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Users by Kilobytes</title>
+      <searchString>| tstats count(User) FROM pan_threatDetail WHERE earliest=$earliest$ latest=$latest$ $threat$ $user$ $application$ $location$ groupby User Bytes|
+                                    eval KB=Bytes/1024 |
+                                    stats sum(KB) as "Transferred (KB)" by User |
+                                    sort -"Transferred (KB)"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisEnd</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.user=$click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <table>
+      <title>Bytes Transferred Duration by Users</title>
+      <searchString>| tstats count(User) FROM pan_threatDetail WHERE earliest=$earliest$ latest=$latest$ $threat$ $user$ $application$ $location$ groupby User Bytes Duration Application Location|
+                                    eval KB=Bytes/1024 |
+                                    stats sum(KB) as "Transfer (KB)"
+                                          sum(Duration) as "Total Duration"
+                                       by User Application Location</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+    </table>
+  </row>
+  <row>
+    <table>
+      <title>Threats by Bytes Transferred and Sessions</title>
+      <searchString>| tstats count(Session) FROM pan_threatDetail WHERE earliest=$earliest$ latest=$latest$ $threat$ $user$ $application$ $location$ groupby Session Bytes Threat|
+                                    eval KB=Bytes/1024 |
+                                    stats sum(KB) as "Transfer (KB)"
+                                    count(Session) as "Total Sessions"
+                                    by Threat</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">true</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.threat=$click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+</form>
diff --git a/default/data/ui/views/threat_overview.xml b/default/data/ui/views/threat_overview.xml
old mode 100755
new mode 100644
index ad4e1e16..b72c1d5c
--- a/default/data/ui/views/threat_overview.xml
+++ b/default/data/ui/views/threat_overview.xml
@@ -1,305 +1,273 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
-    <label>Threat Dashboard</label>
-    <module name="AccountBar" layoutPanel="appHeader"/>
-    <module name="AppBar" layoutPanel="navigationHeader"/>
-    <module name="Message" layoutPanel="messaging">
-        <param name="filter">*</param>
-        <param name="clearOnJobDispatch">False</param>
-        <param name="maxSize">1</param>
-    </module>
-    <module name="TitleBar" layoutPanel="viewHeader">
-        <param name="actionsMenuFilter">dashboard</param>
-    </module>
-    <module name="GenericHeader" layoutPanel="panel_row1_col1">
-        <param name="label">Threat Dashboard</param>
-    </module>
-    <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-        <param name="text">This dashboard provides visibility into threat activity in your Palo Alto Networks
-            environment. Threats can be filtered by type using the form fields.
-        </param>
-    </module>
-
-        <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-            <param name="selected">Last 60 minutes</param>
-            <param name="searchWhenChanged">True</param>
-            <module name="ViewRedirectorLink">
-                <param name="viewTarget">flashtimeline</param>
-                <param name="label">View Full Report</param>
-            </module>
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                <param name="label">Source IP:</param>
-                <param name="field">src_ip</param>
-                <param name="replacementMap">
-                    <param name="arg">
-                        <param name="src_ip">
-                            <param name="value"></param>
-                        </param>
-                    </param>
-                </param>
-                <param name="intention">
-                    <param name="name">stringreplace</param>
-                    <param name="arg">
-                        <param name="src_ip">
-                            <param name="prefix">src_ip="</param>
-                            <param name="suffix">"</param>
-                            <param name="fillOnEmpty">False</param>
-                        </param>
-                    </param>
-                </param>
-                <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                    <param name="label">Destination IP:</param>
-                    <param name="field">dst_ip</param>
-                    <param name="replacementMap">
-                        <param name="arg">
-                            <param name="dst_ip">
-                                <param name="value"></param>
-                            </param>
-                        </param>
-                    </param>
-                    <param name="intention">
-                        <param name="name">stringreplace</param>
-                        <param name="arg">
-                            <param name="dst_ip">
-                                <param name="prefix">dst_ip="</param>
-                                <param name="suffix">"</param>
-                                <param name="fillOnEmpty">false</param>
-                            </param>
-                        </param>
-                    </param>
-                    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                        <param name="label">Log SubType:</param>
-                        <param name="field">log_subtype</param>
-                        <param name="replacementMap">
-                            <param name="arg">
-                                <param name="log_subtype">
-                                    <param name="value"></param>
-                                </param>
-                            </param>
-                        </param>
-                        <param name="intention">
-                            <param name="name">stringreplace</param>
-                            <param name="arg">
-                                <param name="log_subtype">
-                                    <param name="prefix">log_subtype="</param>
-                                    <param name="suffix">"</param>
-                                    <param name="fillOnEmpty">false</param>
-                                </param>
-                            </param>
-                        </param>
-                        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                            <param name="label">App:</param>
-                            <param name="field">app</param>
-                            <param name="replacementMap">
-                                <param name="arg">
-                                    <param name="app">
-                                        <param name="value"></param>
-                                    </param>
-                                </param>
-                            </param>
-                            <param name="intention">
-                                <param name="name">stringreplace</param>
-                                <param name="arg">
-                                    <param name="app">
-                                        <param name="prefix">app="</param>
-                                        <param name="suffix">"</param>
-                                        <param name="fillOnEmpty">false</param>
-                                    </param>
-                                </param>
-                            </param>
-                            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                                <param name="label">Threat ID:</param>
-                                <param name="field">threat_id</param>
-                                <param name="replacementMap">
-                                    <param name="arg">
-                                        <param name="threat_id">
-                                            <param name="value"></param>
-                                        </param>
-                                    </param>
-                                </param>
-                                <param name="intention">
-                                    <param name="name">stringreplace</param>
-                                    <param name="arg">
-                                        <param name="threat_id">
-                                            <param name="default"></param>
-                                            <param name="prefix">threat_id="</param>
-                                            <param name="suffix">"</param>
-                                            <param name="fillOnEmpty">false</param>
-                                        </param>
-                                    </param>
-                                </param>
-                                <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                                    <param name="label">Virtual System:</param>
-                                    <param name="field">vsys</param>
-                                    <param name="replacementMap">
-                                        <param name="arg">
-                                            <param name="vsys">
-                                                <param name="value"></param>
-                                            </param>
-                                        </param>
-                                    </param>
-                                    <param name="intention">
-                                        <param name="name">stringreplace</param>
-                                        <param name="arg">
-                                            <param name="vsys">
-                                                <param name="prefix">vsys="</param>
-                                                <param name="suffix">"</param>
-                                                <param name="fillOnEmpty">false</param>
-                                            </param>
-                                        </param>
-                                    </param>
-                                        <module name="HiddenSearch" layoutPanel="panel_row2_col1">
-                                            <param name="search">| tstats count(log_subtype) AS cls FROM pan_threat where * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time log_subtype span=5m | timechart values(cls) by log_subtype</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Threats SubTypes</param>
-                                                <param name="chart">column</param>
-                                                <param name="chart.stackMode">stacked</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.log_subtype=$click.name2$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row2_col2">
-                                            <param name="search">| tstats count(severity) AS cs FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time severity span=5m | timechart values(cs) by severity </param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">By Risk Value</param>
-                                                <param name="chart">column</param>
-                                                <param name="chart.stackMode">stacked</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">flashtimeline?q=`pan_threat` severity="$click.name2$" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row3_col1">
-                                            <param name="search">| tstats count(threat_id) AS cti FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby threat_id</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Threat IDs</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_detail?earliest=$earliest$&amp;latest=$latest$&amp;form.threat=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                                            <param name="search">| tstats count(app) AS ca FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby app</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Threats by App</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_detail?earliest=$earliest$&amp;latest=$latest$&amp;form.application=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row3_col3">
-                                            <param name="search">| tstats count(dst_user) AS cti FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby dst_user </param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Threats by User</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_detail?earliest=$earliest$&amp;latest=$latest$&amp;form.user=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col1">
-                                            <param name="search">| tstats count(src_ip) AS csrc FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby src_ip</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Source IP</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.src_ip=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col2">
-                                            <param name="search">| tstats count(severity) AS cti FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby severity</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Threats by Severity</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                  <module name="SimpleDrilldown">
-                                                    <param name="links">
-                                                      <param name="*">flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_threat` severity="$click.value$"</param>
-                                                    </param>
-                                                  </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col3">
-                                            <param name="search">| tstats count(dst_ip) AS cti FROM pan_threat WHERE * $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby dst_ip</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Dest IP</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                threat_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.dst_ip=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                </module>
-                            </module>
-                        </module>
-                    </module>
-                </module>
-            </module>
-        </module>
-</view>
\ No newline at end of file
+<form>
+  <label>Threat Dashboard</label>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+      <prefix>dst_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="threat_id">
+      <label>Threat ID</label>
+      <default></default>
+      <prefix>threat_id="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="log_subtype">
+      <label>Log Subtype</label>
+      <default></default>
+      <prefix>log_subtype="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="log_subtype" fieldForLabel="log_subtype_with_count">|tstats count(log_subtype) as count
+        FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ groupby log_subtype
+        | eval log_subtype_with_count = log_subtype . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">|tstats count(app) as count
+        FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>Threat Subtypes</title>
+      <searchString>| tstats count(log_subtype) AS cls FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time log_subtype | timechart values(cls) by log_subtype</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_overview?form.log_subtype=$click.name2$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>By Risk Value</title>
+      <searchString>| tstats count(severity) AS cs FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby _time severity | timechart values(cs) by severity</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_threat` severity="$click.name2$" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Threat IDs</title>
+      <searchString>| tstats count(threat_id) AS cti FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby threat_id</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Threats by App</title>
+      <searchString>| tstats count(app) AS ca FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Threats by User</title>
+      <searchString>| tstats count(dst_user) AS cti FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby dst_user</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/threat_detail?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Source IP</title>
+      <searchString>| tstats count(src_ip) AS csrc FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby src_ip</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_threat` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Threats by Severity</title>
+      <searchString>| tstats count(severity) AS cti FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby severity</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_threat` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Destination IP</title>
+      <searchString>| tstats count(dst_ip) AS cti FROM pan_threat WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $log_subtype$ $threat_id$ $vsys$ $app$ groupby dst_ip</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_threat` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+</form>
diff --git a/default/data/ui/views/traffic_overview.xml b/default/data/ui/views/traffic_overview.xml
old mode 100755
new mode 100644
index 0d469bf2..9e635d93
--- a/default/data/ui/views/traffic_overview.xml
+++ b/default/data/ui/views/traffic_overview.xml
@@ -1,330 +1,316 @@
-<view template="dashboard.html" stylesheet="traffic_overview.css">
-  <label>Traffic Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">Traffic Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into the traffic data in your Palo Alto Networks environment.</param>
-  </module>
-
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Source IP:</param>
-    <param name="field">src_ip</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="src_ip">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="src_ip">
-          <param name="default"></param>
-          <param name="prefix">src_ip="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-      <param name="label">Destination IP:</param>
-      <param name="field">dst_ip</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="default"></param>
-            <param name="prefix">dst_ip="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-        <param name="label">Destination Port:</param>
-        <param name="field">dst_port</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="dst_port">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="dst_port">
-              <param name="default"></param>
-              <param name="prefix">dst_port="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-          <param name="label">Action:</param>
-          <param name="field">action</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="action">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="action">
-                <param name="default"></param>
-                <param name="prefix">action="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Source User:</param>
-            <param name="field">src_user</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="src_user">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="src_user">
-                  <param name="default"></param>
-                  <param name="prefix">src_user="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-              <param name="label">App:</param>
-              <param name="field">app</param>
-              <param name="replacementMap">
-                <param name="arg">
-                  <param name="app">
-                    <param name="value"></param>
-                  </param>
-                </param>
-              </param>
-              <param name="intention">
-                <param name="name">stringreplace</param>
-                <param name="arg">
-                  <param name="app">
-                    <param name="default"></param>
-                    <param name="prefix">app="</param>
-                    <param name="suffix">"</param>
-                    <param name="fillOnEmpty">false</param>
-                  </param>
-                </param>
-              </param>
-              <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-                <param name="selected">Last 60 minutes</param>
-                <param name="searchWhenChanged">True</param>
-                  <module name="HiddenSearch" layoutPanel="panel_row2_col1">
-                    <param name="search">| tstats sum(bytes_sent) AS sumSent sum(bytes_received) AS sumReceived FROM pan_traffic where log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby _time span=5m | timechart span=5m values("sumReceived") AS "Bytes Received" values("sumSent") AS "Bytes Sent"</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Bytes Transfered Over Time</param>
-                      <param name="chart">area</param>
-                      <param name="chart.stackMode">stacked</param>
-                      <param name="chart.nullValueMode">connect</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                          <module name="SimpleDrilldown">
-                              <param name="links">
-                                  <param name="*">./flashtimeline?q=`pan_index` [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$</param>
-                              </param>
-                          </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row2_col2">
-                    <param name="search">|tstats count(protocol) AS countProtocol FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby _time protocol span=5m | timechart span=5m values(countProtocol) AS "Count" by protocol </param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Protocols Over Time</param>
-                      <param name="chart">area</param>
-                      <param name="chart.stackMode">stacked</param>
-                      <param name="chart.nullValueMode">gaps</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                            <param name="links">
-                                <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` protocol="$click.name2$"</param>
-                            </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row3_col1">
-                    <param name="search">|tstats sum(bytes_received) AS sbr sum(bytes_sent) AS sbs FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby app | eval sumBytes = sbr + sbs | stats values(sumBytes) AS Bytes by app</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top App by Bytes Transfered</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                            <param name="links">
-                                <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                            </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                    <param name="search">|tstats count(app) FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby app | stats values(count(app)) AS Application by app</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top App by Request</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                            <param name="links">
-                                <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                            </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row3_col3">
-                    <param name="search">|tstats count(src_ip) FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby src_ip</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top 20 Source IP's</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                            <param name="links">
-                                <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                            </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row4_col1">
-                    <param name="search">|tstats count(dst_port) FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby dst_port </param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top Destination Port</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                            <param name="links">
-                                <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                            </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row4_col2">
-                    <param name="search">|tstats count(dst_ip) FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby dst_ip</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top Destnation IP</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                          <module name="SimpleDrilldown">
-                              <param name="links">
-                                  <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                              </param>
-                          </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row4_col3">
-                    <param name="search">|tstats count(src_user) FROM pan_traffic where * $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby src_user</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top Source User</param>
-                      <param name="chart">pie</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                        <module name="SimpleDrilldown">
-                          <param name="links">
-                            <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                          </param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row5_col1">
-                    <param name="search">|tstats sum(bytes) As sb FROM pan_traffic where log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby egress_interface | eval sumBytes = sb/(1024*1024) | stats values(sumBytes) AS MegaBytes by egress_interface</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Top Outbound Interface by Bytes Transfered</param>
-                      <param name="chart">bar</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                          <module name="SimpleDrilldown">
-                              <param name="links">
-                                  <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                              </param>
-                          </module>
-                      </module>
-                    </module>
-                  </module>
-                  <module name="HiddenSearch" layoutPanel="panel_row5_col2">
-                    <param name="search">|tstats sum(bytes) As sb FROM pan_traffic where log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby ingress_interface log_subtype| eval sumBytes = sb/(1024*1024) | stats values(sumBytes) AS MegaBytes by ingress_interface</param>
-                    <module name="HiddenChartFormatter">
-                      <param name="chartTitle">Traffic Received by Interface</param>
-                      <param name="chart">bar</param>
-                      <param name="legend.placement">bottom</param>
-                      <module name="JSChart">
-                        <param name="width">100%</param>
-                        <param name="height">250px</param>
-                          <module name="SimpleDrilldown">
-                              <param name="links">
-                                  <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                              </param>
-                          </module>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-</view>
+<form>
+  <label>Traffic Dashboard</label>
+  <description/>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+    </input>
+    <input type="text" token="dst_port">
+      <label>Destination Port</label>
+      <default></default>
+    </input>
+    <input type="text" token="src_user">
+      <label>Source User</label>
+      <default></default>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">|tstats count(app) as count
+        FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="action">
+      <label>Action</label>
+      <default></default>
+      <prefix>action="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="action" fieldForLabel="action_with_count">|tstats count(action) as count
+        FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ groupby action
+        | eval action_with_count = action . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>Bytes Transfered Over Time</title>
+      <searchString>| tstats sum(bytes_sent) AS sumSent sum(bytes_received) AS sumReceived FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby _time span=5m | timechart span=5m values("sumReceived") AS "Bytes Received" values("sumSent") AS "Bytes Sent"</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Protocols Over Time</title>
+      <searchString>| tstats count(protocol) AS countProtocol FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby _time protocol span=5m | timechart span=5m values(countProtocol) AS "Count" by protocol</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` protocol="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Applications by Bytes Transfered</title>
+      <searchString>| tstats sum(bytes_received) AS sbr sum(bytes_sent) AS sbs FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby app | eval sumBytes = sbr + sbs | stats values(sumBytes) AS Bytes by app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Applications by Request</title>
+      <searchString>| tstats count(app) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby app | stats values(count(app)) AS Application by app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Source IP</title>
+      <searchString>| tstats count(src_ip) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $src_user$ $dst_ip$ $dst_port$ $app$ $action$ groupby src_ip</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Destination Port</title>
+      <searchString>| tstats count(dst_port) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby dst_port</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Destination IP</title>
+      <searchString>| tstats count(dst_ip) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $src_user$ $dst_ip$ $dst_port$ $app$ $action$ groupby dst_ip | sort -count(dst_ip) | head 999</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Source User</title>
+      <searchString>| tstats count(src_user) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby src_user</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Traffic Transmitted by Interface</title>
+      <searchString>| tstats sum(bytes) As sb FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby egress_interface | eval sumBytes = sb/(1024*1024) | stats values(sumBytes) AS MegaBytes by egress_interface</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">bar</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">none</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Traffic Received by Interface</title>
+      <searchString>| tstats sum(bytes) As sb FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ log_subtype=end $action$ $src_ip$ $dst_ip$ $dst_port$ $src_user$ $app$ groupby ingress_interface log_subtype| eval sumBytes = sb/(1024*1024) | stats values(sumBytes) AS MegaBytes by ingress_interface</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">bar</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">none</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_traffic` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+</form>
diff --git a/default/data/ui/views/url_filtering.xml b/default/data/ui/views/url_filtering.xml
deleted file mode 100755
index 6a491509..00000000
--- a/default/data/ui/views/url_filtering.xml
+++ /dev/null
@@ -1,240 +0,0 @@
-<view template="dashboard.html" stylesheet="threat_overview.css">
-  <label>URL Filtering Dashboard</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">1</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">URL Filtering Dashboard</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">This dashboard provides visibility into the URL Filtering activity in your Palo Alto Networks environment. Content can be filtered by type using the form fields.</param>
-  </module>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Source IP:</param>
-    <param name="field">src_ip</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="src_ip">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="src_ip">
-          <param name="default"></param>
-          <param name="prefix">src_ip="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-      <param name="label">Destination IP:</param>
-      <param name="field">dst_ip</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="dst_ip">
-            <param name="default"></param>
-            <param name="prefix">dst_ip="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-        <param name="label">Content Type:</param>
-        <param name="field">content_type</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="content_type">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="content_type">
-              <param name="default"></param>
-              <param name="prefix">content_type="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-          <param name="label">App:</param>
-          <param name="field">app</param>
-          <param name="replacementMap">
-            <param name="arg">
-              <param name="app">
-                <param name="value"></param>
-              </param>
-            </param>
-          </param>
-          <param name="intention">
-            <param name="name">stringreplace</param>
-            <param name="arg">
-              <param name="app">
-                <param name="default"></param>
-                <param name="prefix">app="</param>
-                <param name="suffix">"</param>
-                <param name="fillOnEmpty">false</param>
-              </param>
-            </param>
-          </param>
-          <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Source User:</param>
-            <param name="field">src_user</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="src_user">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="src_user">
-                  <param name="default"></param>
-                  <param name="prefix">src_user="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param><module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-            <param name="label">Virtual System:</param>
-            <param name="field">vsys</param>
-            <param name="replacementMap">
-              <param name="arg">
-                <param name="vsys">
-                  <param name="value"></param>
-                </param>
-              </param>
-            </param>
-            <param name="intention">
-              <param name="name">stringreplace</param>
-              <param name="arg">
-                <param name="vsys">
-                  <param name="default"></param>
-                  <param name="prefix">vsys="</param>
-                  <param name="suffix">"</param>
-                  <param name="fillOnEmpty">false</param>
-                </param>
-              </param>
-            </param>
-            <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-              <param name="selected">Last 60 minutes</param>
-              <param name="searchWhenChanged">True</param>
-              
-                <module name="HiddenSearch" layoutPanel="panel_row2_col1">
-                  <param name="search">|`tstats` count(action) AS ca FROM pan_web WHERE * $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $content_type$ groupby _time action span=5m | timechart values(ca) by action </param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Actions Over Time</param>
-                    <param name="chart">area</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="charting.chart.nullValueMode">connect</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_web_activity` earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-                <!--<module name="HiddenSearch" layoutPanel="panel_row3_col2">
-                  <param name="search">`PAN-Threat-URL-Timechart-RISK`</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Average Risk Over Time</param>
-                    <param name="chart">line</param>
-                    <param name="charting.secondaryAxis.minimumNumber">1</param>
-                    <param name="charting.secondaryAxis.maximumNumber">5</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="ConvertToDrilldownSearch">
-                        <module name="ViewRedirector">
-                          <param name="viewTarget">flashtimeline</param>
-                        </module>
-                      </module>
-                    </module>
-                  </module>
-                </module>-->
-               <module name="HiddenSearch" layoutPanel="panel_row2_col2">
-                  <param name="search">|`tstats` count(app) AS ca FROM pan_web WHERE * $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $content_type$ groupby _time app span=5m | timechart values(ca) by app</param>
-                  <module name="HiddenChartFormatter">
-                    <param name="chartTitle">Applications Over Time</param>
-                    <param name="chart">area</param>
-                    <param name="chart.stackMode">stacked</param>
-                    <param name="charting.chart.nullValueMode">connect</param>
-                    <param name="legend.placement">bottom</param>
-                    <module name="JSChart">
-                      <param name="width">100%</param>
-                      <module name="SimpleDrilldown">
-                        <param name="links">
-                          <param name="*">./flashtimeline?q=`pan_web_activity` app="$click.name2$" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                        </param>
-                      </module>
-                    </module>
-                  </module>
-                </module>
-               <module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Application Users">
-                <param name="search">|`tstats` count(src_user) AS ca FROM pan_web WHERE * $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $content_type$ groupby src_user app | stats values(ca) by src_user app</param>
-                <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` src_user="$row.src_user$" app="$row.app$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-              <module name="HiddenSearch" layoutPanel="panel_row3_col2" group="Host Categories">
-                <param name="search">|`tstats` count(dst_hostname) AS cc FROM pan_web WHERE * $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $content_type$ groupby dst_hostname category| stats values(cc) by dst_hostname category</param>
-                <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="dst_hostname">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` dst_hostname="$row.dst_hostname$"</param>
-                        <param name="category">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` category="$row.category$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-</module>
-</view>
diff --git a/default/data/ui/views/url_filtering_overview.xml b/default/data/ui/views/url_filtering_overview.xml
new file mode 100644
index 00000000..ba924cec
--- /dev/null
+++ b/default/data/ui/views/url_filtering_overview.xml
@@ -0,0 +1,188 @@
+<form>
+  <label>URL Filtering Dashboard</label>
+  <description/>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m@m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+      <prefix>dst_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="src_user">
+      <label>Source User</label>
+      <default></default>
+      <prefix>src_user="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_hostname">
+      <label>Destination Hostname</label>
+      <default></default>
+      <prefix>dst_hostname="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">|tstats count(app) as count
+        FROM pan_web WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_web WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>URL Filtering Actions</title>
+      <searchString>| tstats count(action) AS ca FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $dst_hostname$ groupby _time action | timechart values(ca) by action</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Applications</title>
+      <searchString>| tstats count(app) AS ca FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $dst_hostname$ groupby _time app | timechart values(ca) as count by app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` app="$click.name2$" [| stats count | eval latest = $click.value$ %2b 300 | fields latest] earliest = $click.value$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <table>
+      <title>Application Users</title>
+      <searchString>| tstats count(src_user) AS ca FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $dst_hostname$ groupby src_user app | stats values(ca) as count by src_user app | sort -count</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="list.drilldown">full</option>
+      <option name="list.wrap">1</option>
+      <option name="maxLines">5</option>
+      <option name="raw.drilldown">full</option>
+      <option name="rowNumbers">0</option>
+      <option name="table.drilldown">1</option>
+      <option name="table.sortDirection">asc</option>
+      <option name="table.wrap">1</option>
+      <option name="type">list</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` src_user="$row.src_user$" app="$row.app$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+    <table>
+      <title>Host Categories</title>
+      <searchString>| tstats count(dst_hostname) AS cc FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $app$ $src_user$ $vsys$ $dst_hostname$ groupby dst_hostname category | stats values(cc) as count by dst_hostname category | sort -count</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link field="dst_hostname">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` dst_hostname="$row.dst_hostname$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="category">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` category="$row.category$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+</form>
diff --git a/default/data/ui/views/web_usage_report.xml b/default/data/ui/views/web_usage_report.xml
old mode 100755
new mode 100644
index 0dc218e7..8be899cb
--- a/default/data/ui/views/web_usage_report.xml
+++ b/default/data/ui/views/web_usage_report.xml
@@ -1,186 +1,167 @@
-<view template="dashboard.html" stylesheet="web_activity.css" isSticky="False">
+<form>
   <label>Web Activity Report</label>
-  <module name="AccountBar" layoutPanel="appHeader" />
-  <module name="AppBar" layoutPanel="navigationHeader" />
-  <module name="Message" layoutPanel="messaging">
-    <param name="filter">*</param>
-    <param name="clearOnJobDispatch">False</param>
-    <param name="maxSize">2</param>
-  </module>
-  <module name="TitleBar" layoutPanel="viewHeader">
-    <param name="actionsMenuFilter">dashboard</param>
-  </module>
-  <module name="GenericHeader" layoutPanel="panel_row1_col1">
-    <param name="label">Web Activity Report</param>
-  </module>
-  <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-    <param name="text">Detailed web acitivity report by user.</param>
-  </module>
-  <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-    <param name="label">Source IP:</param>
-    <param name="field">src_ip</param>
-    <param name="replacementMap">
-      <param name="arg">
-        <param name="src_ip">
-          <param name="value"></param>
-        </param>
-      </param>
-    </param>
-    <param name="intention">
-      <param name="name">stringreplace</param>
-      <param name="arg">
-        <param name="src_ip">
-          <param name="default"></param>
-          <param name="prefix">src_ip="</param>
-          <param name="suffix">"</param>
-          <param name="fillOnEmpty">false</param>
-        </param>
-      </param>
-    </param>
-    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-      <param name="label">Source User:</param>
-      <param name="field">src_user</param>
-      <param name="replacementMap">
-        <param name="arg">
-          <param name="src_user">
-            <param name="value"></param>
-          </param>
-        </param>
-      </param>
-      <param name="intention">
-        <param name="name">stringreplace</param>
-        <param name="arg">
-          <param name="src_user">
-            <param name="default"></param>
-            <param name="prefix">src_user="</param>
-            <param name="suffix">"</param>
-            <param name="fillOnEmpty">false</param>
-          </param>
-        </param>
-      </param>
-      <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-        <param name="label">Destination Hostname:</param>
-        <param name="field">dst_hostname</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="dst_hostname">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="dst_hostname">
-              <param name="default"></param>
-              <param name="prefix">dst_hostname="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-        <param name="label">Virtual System:</param>
-        <param name="field">vsys</param>
-        <param name="replacementMap">
-          <param name="arg">
-            <param name="vsys">
-              <param name="value"></param>
-            </param>
-          </param>
-        </param>
-        <param name="intention">
-          <param name="name">stringreplace</param>
-          <param name="arg">
-            <param name="vsys">
-              <param name="default"></param>
-              <param name="prefix">vsys="</param>
-              <param name="suffix">"</param>
-              <param name="fillOnEmpty">false</param>
-            </param>
-          </param>
-        </param>
-        <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-          <param name="selected">Last 60 minutes</param>
-          <param name="searchWhenChanged">True</param>
-  
-              <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="Web Hits">
-                <param name="search">|tstats count(dst_hostname) AS cdh FROM pan_web WHERE * $vsys$ $src_ip$ $dst_hostname$ $src_user$  groupby dst_hostname | stats values(cdh) AS Count by dst_hostname | rename dst_hostname AS Hostname</param>
-                <module name="Paginator">
-                  <param name="count">10</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="drilldown">row</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` dst_hostname="$click.value$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-              <module name="HiddenSearch" layoutPanel="panel_row2_col2">
-                <param name="search">|tstats count(category) AS cc FROM pan_web WHERE * $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby category </param>
-                <module name="HiddenChartFormatter">
-                  <param name="chartTitle">Top Category</param>
-                  <param name="legend.placement">bottom</param>
-                  <param name="chart">pie</param>
-                  <module name="JSChart">
-                    <param name="width">100%</param>
-                    <param name="height">250px</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-              <module name="HiddenSearch" layoutPanel="panel_row2_col3">
-                <param name="search">|tstats count(app) FROM pan_web WHERE * $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby app </param>
-                <module name="HiddenChartFormatter">
-                  <param name="chartTitle">Top App</param>
-                  <param name="legend.placement">bottom</param>
-                  <param name="chart">pie</param>
-                  <module name="JSChart">
-                    <param name="width">100%</param>
-                    <param name="height">250px</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $click.name$="$click.value$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-              <module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Web Activity Summary">
-                <param name="search">|tstats count(action) AS Count FROM pan_web WHERE * $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby action category dst_hostname | rename action AS Action | rename category AS Category | rename dst_hostname AS Hostname</param>
-                <param name="groupLabel">Web Activity Summary</param>
-                <module name="ViewRedirectorLink">
-                  <param name="label">Print Report</param>
-                  <param name="popup">True</param>
-                  <param name="dispatchBeforeRedirect">True</param>
-                  <param name="viewTarget">web_usage_report_print</param>
-                </module>
-                <module name="Paginator">
-                  <param name="count">20</param>
-                  <param name="entityName">results</param>
-                  <module name="SimpleResultsTable">
-                    <param name="allowTransformedFieldSelect">True</param>
-                    <param name="drilldown">all</param>
-                    <module name="SimpleDrilldown">
-                      <param name="links">
-                        <param name="Action">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` action="$row.Action$" category="$row.Category$" dst_hostname="$row.Hostname$"</param>
-                        <param name="Category">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` category="$row.Category$"</param>
-                        <param name="Hostname">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_web_activity` dst_hostname="$row.Hostname$"</param>
-                      </param>
-                    </module>
-                  </module>
-                </module>
-              </module>
-            </module>
-          </module>
-        </module>
-      </module>
-    </module>
-</view>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_hostname">
+      <label>Destination Hostname</label>
+      <default></default>
+      <prefix>dst_hostname="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="src_user">
+      <label>Source User</label>
+      <default></default>
+      <prefix>src_user="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_web WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <table>
+      <title>Web Hits</title>
+      <searchString>| tstats count(dst_hostname) AS cdh FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $vsys$ $src_ip$ $dst_hostname$ $src_user$  groupby dst_hostname | stats values(cdh) AS Count by dst_hostname | sort -Count | rename dst_hostname AS Hostname</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` dst_hostname="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+    <chart>
+      <title>Categories</title>
+      <searchString>| tstats count(category) AS cc FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby category</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Applications</title>
+      <searchString>| tstats count(app) FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $click.name$="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <table>
+      <title>Web Activity Summary</title>
+      <searchString>| tstats count(action) AS Count FROM pan_web WHERE earliest=$earliest$ latest=$latest$ $vsys$ $src_ip$ $dst_hostname$ $src_user$ groupby action category dst_hostname | sort -Count | rename action AS Action | rename category AS Category | rename dst_hostname AS Hostname</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link field="Action">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` action="$row.Action$" category="$row.Category$" dst_hostname="$row.Hostname$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="Category">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` category="$row.Category$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="Hostname">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_web_activity` dst_hostname="$row.Hostname$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+</form>
diff --git a/default/data/ui/views/web_usage_report_print.xml b/default/data/ui/views/web_usage_report_print.xml
deleted file mode 100755
index 898cddb5..00000000
--- a/default/data/ui/views/web_usage_report_print.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<view template="dashboard.html" stylesheet="web_activity.css" isSticky="False">
-  <label>Web Activty Report Print</label>
-  <module name="HiddenSearch" layoutPanel="panel_row1_col1" autoRun="True">
-    <param name="search">nothing</param>
-    <module name="HiddenPostProcess" layoutPanel="panel_row1_col1" group="Web Activity Summary">
-      <param name="search">`PAN-Threat-Web-Activty-Web-Summary`</param>
-      <param name="groupLabel">Web Activity Summary</param>
-      <module name="JobProgressIndicator"></module>
-      <module name="SimpleResultsTable">
-        <param name="count">10000</param>
-        <param name="entityName">results</param>
-      </module>
-    </module>
-  </module>
-</view>
diff --git a/default/data/ui/views/wildfire_overview.xml b/default/data/ui/views/wildfire_overview.xml
old mode 100755
new mode 100644
index 80cf8f0a..657c708d
--- a/default/data/ui/views/wildfire_overview.xml
+++ b/default/data/ui/views/wildfire_overview.xml
@@ -1,363 +1,347 @@
-<view template="dashboard.html" stylesheet="wildfire_overview.css">
-    <label>WildFire Dashboard</label>
-    <module name="AccountBar" layoutPanel="appHeader"/>
-    <module name="AppBar" layoutPanel="navigationHeader"/>
-    <module name="Message" layoutPanel="messaging">
-        <param name="filter">*</param>
-        <param name="clearOnJobDispatch">False</param>
-        <param name="maxSize">1</param>
-    </module>
-    <module name="TitleBar" layoutPanel="viewHeader">
-        <param name="actionsMenuFilter">dashboard</param>
-    </module>
-    <module name="GenericHeader" layoutPanel="panel_row1_col1">
-        <param name="label">WildFire Dashboard</param>
-    </module>
-    <module name="StaticContentSample" layoutPanel="panel_row1_col1">
-        <param name="text">This dashboard provides visibility into WildFire activity in your Palo Alto Networks
-            environment. WildFire data is collected from the firewall logs and the WildFire Cloud.  Data can be filtered by type using the form fields.  Note:  This dashboard shows statistics for malicious WildFire events only.
-        </param>
-    </module>
-
-        <module name="TimeRangePicker" layoutPanel="panel_row1_col1" autoRun="True">
-            <param name="selected">Last 60 minutes</param>
-            <param name="searchWhenChanged">True</param>
-            <module name="ViewRedirectorLink">
-                <param name="viewTarget">flashtimeline</param>
-                <param name="label">View Full Report</param>
-            </module>
-            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                <param name="label">Source IP:</param>
-                <param name="field">src_ip</param>
-                <param name="replacementMap">
-                    <param name="arg">
-                        <param name="src_ip">
-                            <param name="value"></param>
-                        </param>
-                    </param>
-                </param>
-                <param name="intention">
-                    <param name="name">stringreplace</param>
-                    <param name="arg">
-                        <param name="src_ip">
-                            <param name="prefix">src_ip="</param>
-                            <param name="suffix">"</param>
-                            <param name="fillOnEmpty">False</param>
-                        </param>
-                    </param>
-                </param>
-                <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                    <param name="label">Destination IP:</param>
-                    <param name="field">dst_ip</param>
-                    <param name="replacementMap">
-                        <param name="arg">
-                            <param name="dst_ip">
-                                <param name="value"></param>
-                            </param>
-                        </param>
-                    </param>
-                    <param name="intention">
-                        <param name="name">stringreplace</param>
-                        <param name="arg">
-                            <param name="dst_ip">
-                                <param name="prefix">dst_ip="</param>
-                                <param name="suffix">"</param>
-                                <param name="fillOnEmpty">false</param>
-                            </param>
-                        </param>
-                    </param>
-                    <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp1">
-                        <param name="label">User:</param>
-                        <param name="field">dst_user</param>
-                        <param name="replacementMap">
-                            <param name="arg">
-                                <param name="dst_user">
-                                    <param name="value"></param>
-                                </param>
-                                <param name="src_user">
-                                    <param name="value"></param>
-                                </param>
-                            </param>
-                        </param>
-                        <param name="intention">
-                            <param name="name">stringreplace</param>
-                            <param name="arg">
-                                <param name="dst_user">
-                                    <param name="prefix">dst_user="</param>
-                                    <param name="suffix">"</param>
-                                    <param name="fillOnEmpty">false</param>
-                                </param>
-                                <param name="src_user">
-                                    <param name="prefix">src_user="</param>
-                                    <param name="suffix">"</param>
-                                    <param name="fillOnEmpty">false</param>
-                                </param>
-                            </param>
-                        </param>
-                        <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                            <param name="label">App:</param>
-                            <param name="field">app</param>
-                            <param name="replacementMap">
-                                <param name="arg">
-                                    <param name="app">
-                                        <param name="value"></param>
-                                    </param>
-                                </param>
-                            </param>
-                            <param name="intention">
-                                <param name="name">stringreplace</param>
-                                <param name="arg">
-                                    <param name="app">
-                                        <param name="prefix">app="</param>
-                                        <param name="suffix">"</param>
-                                        <param name="fillOnEmpty">false</param>
-                                    </param>
-                                </param>
-                            </param>
-                            <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                                <param name="label">Filename:</param>
-                                <param name="field">misc</param>
-                                <param name="replacementMap">
-                                    <param name="arg">
-                                        <param name="misc">
-                                            <param name="value"></param>
-                                        </param>
-                                    </param>
-                                </param>
-                                <param name="intention">
-                                    <param name="name">stringreplace</param>
-                                    <param name="arg">
-                                        <param name="misc">
-                                            <param name="default"></param>
-                                            <param name="prefix">misc="</param>
-                                            <param name="suffix">"</param>
-                                            <param name="fillOnEmpty">false</param>
-                                        </param>
-                                    </param>
-                                </param>
-                                <module name="ExtendedFieldSearch" layoutPanel="panel_row1_col2_grp2">
-                                    <param name="label">Virtual System:</param>
-                                    <param name="field">vsys</param>
-                                    <param name="replacementMap">
-                                        <param name="arg">
-                                            <param name="vsys">
-                                                <param name="value"></param>
-                                            </param>
-                                        </param>
-                                    </param>
-                                    <param name="intention">
-                                        <param name="name">stringreplace</param>
-                                        <param name="arg">
-                                            <param name="vsys">
-                                                <param name="prefix">vsys="</param>
-                                                <param name="suffix">"</param>
-                                                <param name="fillOnEmpty">false</param>
-                                            </param>
-                                        </param>
-                                    </param>
-                                        <module name="HiddenSearch" layoutPanel="panel_row2_col1">
-                                            <param name="search">| tstats count(category) AS ccat FROM pan_wildfire WHERE * $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby _time category span=5m | timechart values(ccat) by category</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">All WildFire Events by Category</param>
-                                                <param name="chart">column</param>
-                                                <param name="chart.stackMode">stacked</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_wildfire` category="$click.name2$" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]</param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                          <module name="StaticContentSample" layoutPanel="panel_row2_col1">
-                                            <param name="text">This chart shows all WildFire events including benign events.  Other charts on this dashboard only show malicious WildFire events.
-                                            </param>
-                                          </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row2_col2" group="Recent Malware Download Attempts">
-                                          <param name="search">|`tstats` count(dst_user) AS ca FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby _time dst_ip misc dst_user | table _time dst_ip dst_user misc |
-                                            rename dst_user AS "Destination User" |
-                                            rename dst_ip AS "Destination IP" |
-                                            rename action AS Action |
-                                            rename misc AS Filename</param>
-                                            <module name="Paginator">
-                                                <param name="count">7</param>
-                                                <param name="entityName">results</param>
-                                                <module name="SimpleResultsTable">
-                                                  <param name="allowTransformedFieldSelect">True</param>
-                                                  <param name="drilldown">all</param>
-                                                  <module name="SimpleDrilldown">
-                                                    <param name="links">
-                                                      <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` dst_user="$row.Destination User$" dst_ip="$row.Destination IP$" misc="$row.Filename$"</param>
-                                                    </param>
-                                                  </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col1">
-                                            <param name="search">| tstats count(misc) AS cti FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby misc</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Malware</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                wildfire_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.misc=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col2">
-                                            <param name="search">| tstats count(app) AS ca FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby app</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Malware Downloads by App</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                wildfire_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.application=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row4_col3">
-                                            <param name="search">| tstats count(dst_user) AS cti FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ $dst_user$ groupby dst_user </param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Malware Downloaders by User</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                wildfire_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.dst_user=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row5_col1">
-                                            <param name="search">| tstats count(src_ip) AS csrc FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby src_ip</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Malware Sources</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                wildfire_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.src_ip=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row5_col2">
-                                          <param name="search">|`tstats` count(action) AS cact FROM pan_wildfire WHERE * category="malicious" (action=wildfire-upload-success OR action=wildfire-upload-skip) $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby action |
-                                            replace wildfire-upload-success with "New Malware" in action |
-                                            replace alert with "Known Malware" in action |
-                                            replace wildfire-upload-skip with "Known Malware" in action |
-                                            stats sum(cact) by action
-                                            </param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Previously Analyzed Malware</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                  <module name="SimpleDrilldown">
-                                                    <param name="links">
-                                                      <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` action="$click.value$"
-                                                      </param>
-                                                    </param>
-                                                  </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row5_col3">
-                                            <param name="search">| tstats count(dst_ip) AS cti FROM pan_wildfire WHERE * category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby dst_ip</param>
-                                            <module name="HiddenChartFormatter">
-                                                <param name="chartTitle">Top Malware Downloaders by IP</param>
-                                                <param name="chart">pie</param>
-                                                <param name="legend.placement">bottom</param>
-                                                <module name="JSChart">
-                                                    <param name="width">100%</param>
-                                                    <param name="height">250px</param>
-                                                    <module name="SimpleDrilldown">
-                                                        <param name="links">
-                                                            <param name="*">
-                                                                wildfire_overview?earliest=$earliest$&amp;latest=$latest$&amp;form.dst_ip=$click.value$
-                                                            </param>
-                                                        </param>
-                                                    </module>
-                                                </module>
-                                            </module>
-                                        </module>
-                                        <module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Possible Malware Traffic">
-                                          <param name="search"> |`tstats` count(dst_ip) AS cdip FROM pan_wildfire_report_malware_traffic WHERE * NOT (protocol=udp AND dst_port=53) groupby dst_ip dst_port report_id protocol | table report_id dst_ip dst_port protocol |
-                                            join protocol dst_ip dst_port [ |`tstats` count(src_ip) FROM pan_traffic WHERE * (NOT (protocol=udp AND dst_port=53)) $src_ip$ $dst_ip$ $src_user$ $vsys$ $app$ groupby _time src_ip dst_ip dst_port protocol app src_user | dedup 1 src_ip dst_ip dst_port protocol app src_user | table _time src_ip src_user dst_port dst_ip protocol app | rename _time AS traffic_time ] |
-                                            rename src_user AS "User" | rename src_ip AS "Source IP" |
-                                            eval "Traffic Link" = "View Traffic Logs" | eval "WildFire Link" = "View Wildfire Report" |
-                                            table traffic_time "Source IP" "User" dst_ip dst_port protocol app report_id "Traffic Link" "WildFire Link" |
-                                            rename traffic_time AS _time |
-                                            rename dst_ip AS "Dst_IP" |
-                                            rename dst_port AS "Dst_Port" |
-                                            rename protocol AS "Protocol" |
-                                            rename app AS "Application" |
-                                            rename report_id AS "WildFire Report ID"</param>
-                                            <module name="Paginator">
-                                                <param name="count">10</param>
-                                                <param name="entityName">results</param>
-                                                <module name="SimpleResultsTable">
-                                                  <param name="allowTransformedFieldSelect">True</param>
-                                                  <param name="drilldown">all</param>
-                                                  <param name="displayMenu">true</param>
-                                                  <module name="SimpleDrilldown">
-                                                    <param name="links">
-                                                      <param name="*">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` src_ip="$row.Source IP$" dst_ip="$row.Dst_IP$" dst_port="$row.Dst_Port$" protocol="$row.Protocol$"</param>
-                                                      <param name="Source IP">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.Source IP$</param>
-                                                      <param name="User">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.User$</param>
-                                                      <param name="Dst_IP">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.Dst_IP$</param>
-                                                      <param name="Dst_Port">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.Dst_Port$</param>
-                                                      <param name="Protocol">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.Protocol$</param>
-                                                      <param name="Application">./flashtimeline?earliest=$earliest$&amp;latest=$latest$&amp;q=`pan_index` $row.Application$</param>
-                                                      <param name="WildFire Report ID">./flashtimeline?earliest=0&amp;q=`pan_index` $row.WildFire Report ID$</param>
-                                                      <param name="WildFire Link">./flashtimeline?earliest=0&amp;q=`pan_index` (sourcetype="pan_wildfire_report" wildfire.report.id="$row.WildFire Report ID$") OR (sourcetype="pan_threat" log_subtype="wildfire" threat_id="$row.WildFire Report ID$($row.WildFire Report ID$)")</param>
-                                                    </param>
-                                                  </module>
-                                                </module>
-                                            </module>
-                                          <module name="StaticContentSample" layoutPanel="panel_row3_col1">
-                                            <param name="text">This table shows hosts that may be compromised because they show network behavior consistent with an analyzed malware sample. This data is based on a correlation of traffic logs and malware network behavior from WildFire Cloud analysis reports.  (Note: To download WildFire reports, this correlation requires a <![CDATA[<a href="/manager/SplunkforPaloAltoNetworks/apps/local/SplunkforPaloAltoNetworks/setup?action=edit">WildFire API Key</a>]]>)
-                                            </param>
-                                          </module>
-                                        </module>
-                                </module>
-                            </module>
-                        </module>
-                    </module>
-                </module>
-            </module>
-        </module>
-</view>
+<form>
+  <label>WildFire Dashboard</label>
+  <fieldset autoRun="true" submitButton="true">
+    <input type="time" searchWhenChanged="true">
+      <default>
+        <earliestTime>-60m</earliestTime>
+        <latestTime>now</latestTime>
+      </default>
+    </input>
+    <input type="text" token="src_ip">
+      <label>Source IP</label>
+      <default></default>
+      <prefix>src_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_ip">
+      <label>Destination IP</label>
+      <default></default>
+      <prefix>dst_ip="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="misc">
+      <label>Filename</label>
+      <default></default>
+      <prefix>misc="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="text" token="dst_user">
+      <label>User</label>
+      <default></default>
+      <prefix>dst_user="</prefix>
+      <suffix>"</suffix>
+    </input>
+    <input type="dropdown" token="app">
+      <label>Application</label>
+      <default></default>
+      <prefix>app="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="app" fieldForLabel="app_with_count">|tstats count(app) as count
+        FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ groupby app
+        | eval app_with_count = app . " (" . count . ")"</populatingSearch>
+    </input>
+    <input type="dropdown" token="vsys">
+      <label>Virtual System</label>
+      <default></default>
+      <prefix>vsys="</prefix>
+      <suffix>"</suffix>
+      <choice value="">ANY</choice>
+      <populatingSearch fieldForValue="vsys" fieldForLabel="vsys_with_count">|tstats count(vsys) as count
+        FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ groupby vsys
+        | eval vsys_with_count = vsys . " (" . count . ")"</populatingSearch>
+    </input>
+  </fieldset>
+  <row>
+    <chart>
+      <title>All WildFire Events by Category</title>
+      <searchString>| tstats count(category) AS ccat FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby _time category | timechart values(ccat) by category</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">column</option>
+      <option name="charting.chart.nullValueMode">connect</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_wildfire` category="$click.name2$" earliest=$click.value$ [| stats count | eval latest = $click.value$ %2b 300 | fields latest]
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <table>
+      <title>Recent Malware Download Attempts</title>
+      <searchString>| tstats count(dst_user) AS ca FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby _time dst_ip misc dst_user | table _time dst_ip dst_user misc | sort -_time | rename dst_user AS "Destination User" | rename dst_ip AS "Destination IP" | rename action AS Action | rename misc AS Filename</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">area</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">stacked</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">row</option>
+      <option name="count">7</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` dst_ip="$row.Destination IP$" misc="$row.Filename$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+  <row>
+    <table>
+      <title>Possible Malware Traffic</title>
+      <searchString>| tstats count(dst_ip) AS cdip FROM pan_wildfire_report_malware_traffic WHERE earliest=$earliest$ latest=$latest$ NOT (protocol=udp AND dst_port=53) groupby dst_ip dst_port report_id protocol | table report_id dst_ip dst_port protocol | join protocol dst_ip dst_port [ | tstats count(src_ip) FROM pan_traffic WHERE earliest=$earliest$ latest=$latest$ (NOT (protocol=udp AND dst_port=53)) $src_ip$ $dst_ip$ $vsys$ $app$ groupby _time src_ip dst_ip dst_port protocol app src_user | dedup 1 src_ip dst_ip dst_port protocol app src_user | table _time src_ip src_user dst_port dst_ip protocol app | rename _time AS traffic_time ] | rename src_user AS "User" | rename src_ip AS "Source IP" | eval "Traffic Link" = "View Traffic Logs" | eval "WildFire Link" = "View Wildfire Report" | table traffic_time "Source IP" "User" dst_ip dst_port protocol app report_id "Traffic Link" "WildFire Link" | rename traffic_time AS _time | rename dst_ip AS "Dst_IP" | rename dst_port AS "Dst_Port" | rename protocol AS "Protocol" | rename app AS "Application" | rename report_id AS "WildFire Report ID" | sort -_time</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">bar</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">bottom</option>
+      <option name="wrap">false</option>
+      <option name="displayRowNumbers">true</option>
+      <option name="dataOverlayMode">none</option>
+      <option name="drilldown">cell</option>
+      <option name="count">10</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` src_ip="$row.Source IP$" dst_ip="$row.Dst_IP$" dst_port="$row.Dst_Port$" protocol="$row.Protocol$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="Source IP">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.Source IP$&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="User">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.User$&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="Dst_IP">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.Dst_IP$&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="Dst_Port">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.Dst_Port$&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="Protocol">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.Protocol$&earliest=$earliest$&latest=$latest$
+          ]]>
+        </link>
+        <link field="Application">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.Application$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+        <link field="WildFire Report ID">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` $row.WildFire Report ID$
+	  ]]>
+        </link>
+        <link field="WildFire Link">
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_index` (sourcetype="pan_wildfire_report" wildfire.report.id="$row.WildFire Report ID$") OR (sourcetype="pan_threat" log_subtype="wildfire" threat_id="$row.WildFire Report ID$($row.WildFire Report ID$)")&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </table>
+  </row>
+  <row>
+    <chart>
+      <title>Top Malware</title>
+      <searchString>| tstats count(misc) AS cti FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby misc</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/wildfire_overview?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Malware Downloads by Application</title>
+      <searchString>| tstats count(app) AS ca FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby app</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/wildfire_overview?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Malware Downloaders by User</title>
+      <searchString>| tstats count(dst_user) AS cti FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ $dst_user$ groupby dst_user</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/wildfire_overview?form.user=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+  <row>
+    <chart>
+      <title>Malware Sources</title>
+      <searchString>| tstats count(src_ip) AS csrc FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby src_ip</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/wildfire_overview?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Previously Analyzed Malware</title>
+      <searchString>| tstats count(action) AS cact FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" groupby action | replace alert with wildfire-upload-skip in action | replace wildfire-upload-success with "New Malware" in action | replace alert with "Known Malware" in action | replace wildfire-upload-skip with "Known Malware" in action | stats sum(cact) by action</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/search?q=`pan_wildfire` action="$click.value$"&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+    <chart>
+      <title>Malware Downloaders by IP</title>
+      <searchString>| tstats count(dst_ip) AS cti FROM pan_wildfire WHERE earliest=$earliest$ latest=$latest$ category="malicious" $src_ip$ $dst_ip$ $dst_user$ $misc$ $vsys$ $app$ groupby dst_ip</searchString>
+      <earliestTime>$earliest$</earliestTime>
+      <latestTime>$latest$</latestTime>
+      <option name="charting.axisTitleX.visibility">visible</option>
+      <option name="charting.axisTitleY.visibility">visible</option>
+      <option name="charting.axisX.scale">linear</option>
+      <option name="charting.axisY.scale">linear</option>
+      <option name="charting.chart">pie</option>
+      <option name="charting.chart.nullValueMode">gaps</option>
+      <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
+      <option name="charting.chart.stackMode">default</option>
+      <option name="charting.chart.style">shiny</option>
+      <option name="charting.drilldown">all</option>
+      <option name="charting.layout.splitSeries">0</option>
+      <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
+      <option name="charting.legend.placement">right</option>
+      <drilldown>
+        <link>
+          <![CDATA[
+            /app/SplunkforPaloAltoNetworks/wildfire_overview?form.$click.name$=$click.value$&earliest=$earliest$&latest=$latest$
+	  ]]>
+        </link>
+      </drilldown>
+    </chart>
+  </row>
+</form>
diff --git a/default/macros.conf b/default/macros.conf
index 1cb3c624..ba638649 100755
--- a/default/macros.conf
+++ b/default/macros.conf
@@ -7,10 +7,10 @@
 definition = index=pan_logs
 
 [pan_threat]
-definition = `pan_index` (sourcetype="pan_threat" OR sourcetype="pan_threat-2050") NOT "THREAT,url"
+definition = `pan_index` sourcetype="pan_threat" (log_subtype!="file" AND log_subtype!="url" AND log_subtype!="data" AND log_subtype!="wildfire")
 
 [pan_threat_all]
-definition = `pan_index` (sourcetype="pan_threat" OR sourcetype="pan_threat-2050")
+definition = `pan_index` sourcetype="pan_threat"
 
 [pan_traffic]
 definition = `pan_index` sourcetype="pan_traffic"
@@ -22,19 +22,25 @@ definition = `pan_index` sourcetype="pan_system"
 definition = `pan_index` sourcetype="pan_config"
 
 [pan_web_activity]
-definition = `pan_index` "THREAT,url" (sourcetype="pan_threat" OR sourcetype="pan_threat-2050") 
+definition = `pan_index` log_subtype="url" sourcetype="pan_threat"
 
 [pan_url]
-definition = `pan_index` "THREAT,url" (sourcetype="pan_threat" OR sourcetype="pan_threat-2050") 
+definition = `pan_index` log_subtype="url" sourcetype="pan_threat"
 
 [pan_data_filtering]
-definition = `pan_index` "THREAT,data" (sourcetype="pan_threat" OR sourcetype="pan_threat-2050") 
+definition = `pan_index` log_subtype="data" sourcetype="pan_threat"
 
 [pan_data]
-definition = `pan_index` "THREAT,data" (sourcetype="pan_threat" OR sourcetype="pan_threat-2050") 
+definition = `pan_index` log_subtype="data" sourcetype="pan_threat"
+
+[pan_file_blocking]
+definition = `pan_index` log_subtype="file" sourcetype="pan_threat"
+
+[pan_file]
+definition = `pan_index` log_subtype="file" sourcetype="pan_threat"
 
 [pan_wildfire]
-definition = `pan_index` "THREAT,wildfire" (sourcetype="pan_threat" OR sourcetype="pan_threat-2050")
+definition = `pan_index` log_subtype="wildfire" sourcetype="pan_threat"
 
 [pan_wildfire_report]
 definition = `pan_index` sourcetype="pan_wildfire_report"
diff --git a/default/props.conf b/default/props.conf
index 3765bfaa..fb18fd97 100755
--- a/default/props.conf
+++ b/default/props.conf
@@ -1,7 +1,7 @@
 LOOKUP-vendor_info_for_pan_config = pan_vendor_info_lookup sourcetype OUTPUT vendor,product
 
 [pan_log]
-TRANSFORMS-sourcetype = pan_threat, pan_traffic, pan_system, pan_config, pan_threat-2050
+TRANSFORMS-sourcetype = pan_threat, pan_traffic, pan_system, pan_config
 SHOULD_LINEMERGE = false
 MAX_TIMESTAMP_LOOKAHEAD = 44
 pulldown_type = true
@@ -23,23 +23,6 @@ FIELDALIAS-dest_for_pan_threat = dst_ip as dest
 FIELDALIAS-dest-port_for_pan_threat = dst_port as dest_port
 FIELDALIAS-rule_name_for_pan_threat = rule_name as rule
 
-
-[pan_threat-2050]
-REPORT-search = extract_threat-2050
-REPORT-threatid = extract_threatid
-REPORT-urlhost = extract_urlhost
-SHOULD_LINEMERGE = false
-lookup_table = threat_lookup threat_id
-lookup_table = app_lookup app
-FIELDALIAS = "application" AS "app" "virtual_system" AS "vsys"
-# Field Aliases to map palo alto fields to the Splunk Common Information Model
-FIELDALIAS-dvc_for_pan_threat = host as dvc
-FIELDALIAS-transport_for_pan_threat = protocol as transport
-FIELDALIAS-src_for_pan_threat = src_ip as src
-FIELDALIAS-dest_for_pan_threat = dst_ip as dest
-FIELDALIAS-dest-port_for_pan_threat = dst_port as dest_port
-FIELDALIAS-rule_name_for_pan_threat = rule_name as rule
-
 [pan_traffic]
 REPORT-search = extract_traffic
 SHOULD_LINEMERGE = false
@@ -53,7 +36,6 @@ FIELDALIAS-dest_for_pan_traffic = dst_ip as dest
 FIELDALIAS-dest-port_for_pan_traffic = dst_port as dest_port
 FIELDALIAS-rule_name_for_pan_traffic = rule_name as rule
 
-
 [pan_system]
 REPORT-search = extract_system
 SHOULD_LINEMERGE = false
diff --git a/default/savedsearches.conf b/default/savedsearches.conf
index ac244444..3cf6c3e4 100755
--- a/default/savedsearches.conf
+++ b/default/savedsearches.conf
@@ -69,7 +69,7 @@ displayview = flashtimeline
 enableSched = 1
 realtime_schedule = 0
 request.ui_dispatch_view = flashtimeline
-search = `pan_wildfire` | rex field=threat_id "\((?<report_id>\d+)\)" | table _time report_id dst_user dst_location src_ip dst_ip category app threat_id action vsys misc | tscollect namespace=pan_wildfire
+search = `pan_wildfire` | rex field=threat_id "\((?<report_id>\d+)\)" | table _time report_id dst_user dst_location src_ip dst_ip category app threat_id action vsys misc | fillnull value="" dst_user | tscollect namespace=pan_wildfire
 disabled = 0
 
 [PAN - WildFire Reports - Retrieve]
@@ -109,7 +109,7 @@ displayview = flashtimeline
 enableSched = 1
 realtime_schedule = 0
 request.ui_dispatch_view = flashtimeline
-search = `pan_config` | table _time vsys host admin client cmd configuration_path result serial_number log_subtype| tscollect namespace=pan_config
+search = `pan_config` | table _time vsys host admin client cmd configuration_path result serial_number log_subtype | fillnull value="" configuration_path | tscollect namespace=pan_config
 disabled = 0
 
 [PAN - Traffic - Applications]
@@ -120,4 +120,4 @@ dispatch.earliest_time = rt-5m
 dispatch.latest_time = rt
 displayview = flashtimeline
 request.ui_dispatch_view = flashtimeline
-search = `pan_index` sourcetype=pan_traffic  | stats sparkline sum(bytes) AS sbytes by app vsys src_zone | sort -sbytes | head 5 | eval Application=upper(app) | eval "Volume in MB"=round(sbytes/1024/1024) |rename sparkline AS Distribution | rename vsys AS VSYS| rename src_zone AS "Source Zone" | table Application VSYS "Source Zone" "Volume in MB" Distribution
+search = `pan_index` sourcetype=pan_traffic  | stats sparkline sum(bytes) AS sbytes by app vsys src_zone | sort -sbytes | head 8 | eval Application=upper(app) | eval "Vol in MB"=round(sbytes/1024/1024) |rename sparkline AS Distribution | rename vsys AS VSYS| rename src_zone AS "Src Zone" | table Application VSYS "Src Zone" "Vol in MB" Distribution
diff --git a/default/searchbnf.conf b/default/searchbnf.conf
index 3cfd5f4d..88373c09 100644
--- a/default/searchbnf.conf
+++ b/default/searchbnf.conf
@@ -16,7 +16,7 @@ tags = pan
 [panupdate-command]
 syntax = panupdate device=<Panorama IP> devicegroup=<group to be updated>
 shortdesc = Adds Dynamic Address objects and maps users to those objects
-description = The command take user-id and IP addresses and inputs the Panorama and individual firewall configurations with those IP addresses. The command expects two fields, addrip and addruser. Use the rename command if your userid and ip fields have different labels.  It may take up to a minute for the changes to take effect in the Panorama and PAN devices.  The credentials for Panorama must be set using the Splunk for PaloAlto Network app's setup page.  The devicegroup must exist in the Panorama prior to execution of the command Debugging and other output is here: $SPLUNK_HOME/var/log/splunk/python.log
+description = The command takes user-id and IP addresses and inputs the Panorama and individual firewall configurations with those IP addresses. The command expects two fields, addrip and addruser. Use the rename command if your userid and ip fields have different labels.  It may take up to a minute for the changes to take effect in the Panorama and PAN devices.  The credentials for Panorama must be set using the Splunk for PaloAlto Network app's setup page.  The devicegroup must exist in the Panorama prior to execution of the command Debugging and other output is here: $SPLUNK_HOME/var/log/splunk/python.log
 example1 = index=main sourcetype=radius | panupdate device="192.168.4.211" devicegroup="homedev" 
 comment1 = Search for all RADIUS logs and update the Panorama's homedev devicegroup with the user-id and IP's. 
 example2 = index=main sourcetype=authlog | rename user AS addruser | rename src_ip AS addrip | panupdate device="192.168.4.211" devicegroup="hotel-lobby"
diff --git a/default/transforms.conf b/default/transforms.conf
index c0192b12..ce819214 100755
--- a/default/transforms.conf
+++ b/default/transforms.conf
@@ -8,11 +8,6 @@ DEST_KEY = MetaData:Sourcetype
 REGEX = ([^,]+,[^,]+,[^,]+,THREAT,)
 FORMAT = sourcetype::pan_threat
 
-[pan_threat-2050]
-DEST_KEY = MetaData:Sourcetype
-REGEX = (^[a-zA-Z]+\s+[\w\s\d:.]+,[\w]+,THREAT,)
-FORMAT = sourcetype::pan_threat-2050
-
 [pan_traffic]
 DEST_KEY = MetaData:Sourcetype
 REGEX = ([^,]+,[^,]+,[^,]+,TRAFFIC,)
@@ -44,7 +39,7 @@ FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","futu
 
 [extract_config] 
 DELIMS = ","
-FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","future_use3","host","virtual_system","command","admin","client","result","configuration_path","sequence_number","action_flags" 
+FIELDS = "future_use1","receive_time","serial_number","type","log_subtype","future_use2","future_use3","client_ip","virtual_system","command","admin","client_type","result","configuration_path","sequence_number","action_flags" 
 
 [extract_system] 
 DELIMS = ","
diff --git a/static/appIcon.png b/static/appIcon.png
new file mode 100644
index 00000000..e6a02ca2
Binary files /dev/null and b/static/appIcon.png differ
diff --git a/static/appIconAlt.png b/static/appIconAlt.png
new file mode 100644
index 00000000..667e68ec
Binary files /dev/null and b/static/appIconAlt.png differ
diff --git a/static/appIconAlt_2x.png b/static/appIconAlt_2x.png
new file mode 100644
index 00000000..680fbb29
Binary files /dev/null and b/static/appIconAlt_2x.png differ
diff --git a/static/appIcon_2x.png b/static/appIcon_2x.png
new file mode 100644
index 00000000..eb94442c
Binary files /dev/null and b/static/appIcon_2x.png differ
diff --git a/static/appLogo.png b/static/appLogo.png
new file mode 100644
index 00000000..51d8fab6
Binary files /dev/null and b/static/appLogo.png differ
diff --git a/static/appLogo_2x.png b/static/appLogo_2x.png
new file mode 100644
index 00000000..14b73f49
Binary files /dev/null and b/static/appLogo_2x.png differ