@michael_valenzuela

You can achieve this using javascript. Check below XML and code. Here you have to write additional search which provides the suspicious Accounts. Check id=suspiciousAccountsSearch in XML. Which will be used for setting up default value of multi select.

XML

<form script="status_dashboard.js">
  <search id="suspiciousAccountsSearch">
    <query>| makeresults count=5 | eval a=2 | accum a | eval user="user".a | table user</query>
    </search>
  <label>Default Multi Select</label>
  <fieldset submitButton="false">
    <input type="multiselect" token="AccountsDropdown" id="AccountsDropdown">
      <label>field1</label>
      <fieldForLabel>user</fieldForLabel>
      <fieldForValue>user</fieldForValue>
      <search>
        <query>| makeresults count=10 | eval a=1 | accum a | eval user="user".a</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <delimiter> </delimiter>
    </input>
  </fieldset>
</form>

Javascript

var deps = [
     "splunkjs/ready!"
 ];
 require(deps, function(mvc) {

     var idSelectIndex = mvc.Components.get('AccountsDropdown');
     var allValues = [];

     var idSearchSelectIndex = mvc.Components.get("suspiciousAccountsSearch");
     var idSearchSelectIndex_results = idSearchSelectIndex.data("preview");
     idSearchSelectIndex_results.on("data", function() {

          $.each(idSearchSelectIndex_results.data().rows, function( index, value ) {
            console.log(index, value)
             allValues.push(value[0]);

         });
         idSelectIndex.settings.set("default",allValues);
         // idSelectIndex.render();
      });
 });

Thanks