Hello @ITWhisperer ,

   I would like to pass based search to panels in dashboard

<search id="base_search_1">
<query>
index=$siteid$ sourcetype=log*  values IN (Ax01, Ms09)
.....
| table *
</query>
<earliest>$time_token.earliest$</earliest>
<latest>$time_token.latest$</latest>
</search>
<search id="base_search_2">
<query>
index=$siteid$ sourcetype=log* Values IN (*)
.....
| table *
</query>
<earliest>$time_token.earliest$</earliest>

I need to pass base_search_1 when a inut drodpown is selected with "All", when other values are selected in the input dropdown, it need to pass base_search_2 to the panel in dashboard.

thanks!
<latest>$time_token.latest$</latest>
</search>

the reason why i choose this is, Actually we are having a input dropdown field which may be empty at some time also we are filtering only head 10000 records as per need, So when the input dropdown field is selected with "All" values, we don't have any issues either the field can be with values or can be empty but when the inputdropdown field is having spome field values to be filtered then empty field should not be giving proper results, so instead of head 10000, we need to filter non empty values of 10k, rather than head 10k, also please suggest other possible efiicient way to do this.

thanks!

Hello @ITWhisperer ,

    Hope i have added more information, please let me know if i need to add any other info.


Actual need is, I'm having a field where sometimes i will get empty value, When i'm selecting All in input drodown the values can be anything, it can be empty as well but when we choose any specific value in input drodown, we don't need to consider empty values, so I planned to create 2 base searches, one is when we choose all in input drodown, other is when we choose any values apart from All in input drodown, Since when we are choosing any other values in input drodown,  we can use

| where isnotnull(field_name)
| head 10000

which is not needed when we are selecting all in inputdrodown, since the data volume is huge .

thanks!

thanks!