https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257156#M76996 <P>If you are able to search events like <CODE>index=yourIndex sourcetype=yourScourcetype "11.2" (host=host1 OR host=host2)</CODE> to return all events of version 11.2 for hosts host1 or host2 then follow the below approach and ensure you have following points covered: </P> <OL> <LI>Take a note of the token for your dropdown, I will call it <CODE>tok_dropdown_version</CODE></LI> <LI>Take a note of the token for your multiselect, I will call it <CODE>myToken</CODE></LI> <LI><A href="https://answers.splunk.com/answers/482462/multi-select-parameter-on-a-dashboard.html#answer-482465">Take a note of this answer on multiselect</A> which tells you how to form a query of type (field1=value1 OR field1=value2) which in your case will be <CODE>host=host1 OR host=host2 and so on</CODE> (however many values will be selected from multiselect).</LI> </OL> <P>With these three as arsenal then your final query shall be like</P> <PRE><CODE>index=yourIndex sourcetype=yourSourcetype $tok_dropdown_version$ ($myToken$) </CODE></PRE> Mon, 30 Jan 2017 06:44:44 GMT gokadroid 2017-01-30T06:44:44Z https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257155#M76995 <P>Hi,</P> <P>I have 2 versions with multiple hosts containing dev and stg environment<BR /> version1 is 7.2 with host1, host2,... host10(5 dev &amp; 5 stg hosts)<BR /> version2 is 8.1 with host1, host2,....host10(3 dev &amp; 7 stg hosts)</P> <P>I have created dropdown for version(11.2,12.1) and multiselect for enviornment(dev,stg) .<BR /> What will be the search query to retrieve host based on selection (for ex :- version1 and stg env )</P> Sun, 29 Jan 2017 22:17:40 GMT https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257155#M76995 imthesplunker 2017-01-29T22:17:40Z https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257156#M76996 <P>If you are able to search events like <CODE>index=yourIndex sourcetype=yourScourcetype "11.2" (host=host1 OR host=host2)</CODE> to return all events of version 11.2 for hosts host1 or host2 then follow the below approach and ensure you have following points covered: </P> <OL> <LI>Take a note of the token for your dropdown, I will call it <CODE>tok_dropdown_version</CODE></LI> <LI>Take a note of the token for your multiselect, I will call it <CODE>myToken</CODE></LI> <LI><A href="https://answers.splunk.com/answers/482462/multi-select-parameter-on-a-dashboard.html#answer-482465">Take a note of this answer on multiselect</A> which tells you how to form a query of type (field1=value1 OR field1=value2) which in your case will be <CODE>host=host1 OR host=host2 and so on</CODE> (however many values will be selected from multiselect).</LI> </OL> <P>With these three as arsenal then your final query shall be like</P> <PRE><CODE>index=yourIndex sourcetype=yourSourcetype $tok_dropdown_version$ ($myToken$) </CODE></PRE> Mon, 30 Jan 2017 06:44:44 GMT https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257156#M76996 gokadroid 2017-01-30T06:44:44Z https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257157#M76997 <P>This helped me .thanks</P> Mon, 30 Jan 2017 19:28:28 GMT https://community.splunk.com/t5/Splunk-Search/Search-query-to-retrive-host-upon-selection/m-p/257157#M76997 imthesplunker 2017-01-30T19:28:28Z