**I want to preface with the fact that I am a total noob at Splunk, so please bear with me.**

I am trying to make a dashboard that shows the on-call for each organization/team. It lists their name, contact info, the start of when they are on call, and the end of when they are on call.

**Ex of what it should look like:**
(Select org(s): abc )

| org       | team       | username | OnCallStart                                 | OnCallEnd                                     |
| -------- | -------- ---| ------------- | ------------------------------------ | ------------------------------------ |
| abc      | aa-team | bob2           | 2023-05-01T08:00:00-7:00 | 2023-05-02T08:00:00-7:00 |

**The issue is (other than me not being able to figure out how to get their respective teams listed currently) is that it looks more like this:** *(ignore the dates being the exact same, just giving an idea of the format)*

| org      | team   | username | OnCallStart                                 | OnCallEnd |
| -------- | --------- | -------- ---- | -------- ----------------------------| ------------------------------------ |
| abc      |                | bob2          | 2023-05-01T08:00:00-7:00 | 2023-05-02T08:00:00-7:00 |
| 123      |               |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |
|               |                |                     | 2023-05-01T08:00:00-7:00 | 2023-05-01T08:00:00-7:00 |

I have a multiselect option with a submit button so that I can filter by orgs, however if for example I filtered by "abc" org, it would show bob2 but have both "abc" and "123" orgs listed.

How can I control the orgs shown when a user is a part of multiple orgs?
How can I limit the number of oncallstart and oncallend times listed to a single line that correlates to the particular org that it matches with?

I tried seeing if I could use something like | head 1
But that doesn't seem to be what I want based on this: https://docs.splunk.com/Documentation/SCS/current/SearchReference/HeadCommandOverview#How_the_head_c...

I don't know where to locate props.conf to use something like TRUNCATE, not even sure if that's what should be used in this instance or not.
https://community.splunk.com/t5/Getting-Data-In/Size-limit-for-an-event/m-p/16410

I considered limiting in the source code by using something like <option name ="count">1</option> but that just limits it to show one user per page, still listing the multiple orgs (despite filtering for a particular one) and the multiple start and end times.

Would it be some kind of query parameter?
https://docs.splunk.com/Documentation/DashApp/0.9.0/DashApp/dsOpt