You can use mvexpand to make multiple events from 1 and mvcombine to make 1 event from multiple.

I've used makeresults to be able to check my dashboard. Not exactly what you want but hopefully it wil give you a hint how to solve this.

<dashboard>
<label>Test filesize</label>
<fieldset>
<input type="dropdown" token="size_tk_from" searchWhenChanged="true">
<label>File Size from:</label>
<choice value="50000">50M</choice>
<choice value="200000">200M</choice>
<choice value="500000">500M</choice>
<choice value="1000000">1G</choice>
<choice value="2000000">2G</choice>
<fieldForLabel>size</fieldForLabel>
<fieldForValue>size</fieldForValue>
</input>
<input type="dropdown" token="size_tk_to" searchWhenChanged="true">
<label>File Size to:</label>
<choice value="50000">50M</choice>
<choice value="200000">200M</choice>
<choice value="500000">500M</choice>
<choice value="1000000">1G</choice>
<choice value="2000000">2G</choice>
<fieldForLabel>size</fieldForLabel>
<fieldForValue>size</fieldForValue>
</input>
</fieldset>
<row>
  <panel>
    <table>
      <search>
        <query>
       <![CDATA[
       | makeresults 
       | eval filesize="2G,500M,200M,50M,1G" 
       | eval filesize=replace(filesize,"50M","50000") 
       | eval filesize=replace(filesize,"200M","200000") 
       | eval filesize=replace(filesize,"500M","500000") 
       | eval filesize=replace(filesize,"1G","1000000") 
       | eval filesize=replace(filesize,"2G","2000000") 
       | makemv delim="," filesize 
       | mvexpand filesize
       | where filesize>$size_tk_from$ AND filesize<$size_tk_to$
       | table filesize 
       | sort filesize 
       | eval filesize=replace(filesize,"500000","500M") 
       | eval filesize=replace(filesize,"50000","50M") 
       | eval filesize=replace(filesize,"2000000","2G") 
       | eval filesize=replace(filesize,"200000","200M") 
       | eval filesize=replace(filesize,"1000000","1G") 
       | table filesize
      ]]>
      </query>
     <earliest>-1d@d</earliest>
     <latest>@d</latest>
    </search>
  </table>
  </panel>
</row>
</dashboard>

Thank you for your reply. I tried to use your resolution code but still not able to show the output needed. As per checking, the sizes are shown in 1 row. They are just separated by comma that's why their is "| makemv delim="," filesize" in the search string. I would like to ask if their are ways on how to sort the data from a single row?

I tried to update the search string based on your reply but it could not create search.



<input type="dropdown" token="size_tk" searchWhenChanged="true">
<label>File Size:</label>
<choice value="*">ALL</choice>
<choice value="50M">50M</choice>
<choice value="200M">200M</choice>
<choice value="500M">500M</choice>
<choice value="1G">1G</choice>
<choice value="2G">2G</choice>
<search>
<query>index=tech_filesystem
| makemv delim="," filesize
| where filesize&gt;$size_tok_from$ AND filesize&lt;$size_tok_to$
| stats count by filesize</query>
<earliest>rt-1m</earliest>
<latest>rt</latest>
</search>
<fieldForLabel>size</fieldForLabel>
<fieldForValue>size</fieldForValue>
<default>*</default>
<initialValue>*</initialValue>
</input>

Should I use eval if statement to search the file size having 50M to 199M? I attached the sample file sizes in the table filesize below. 


I want to filter the file base on the sizes available in the dropdown.