Hi @to4kawa. Thank you. Sorry, I'm not explaining myself clearly. This query is part of a dashboard panel that relies on user inputs from a drop down menu with three choices. Either "2019" , "2020" or both with choice "Rolling 2019-2020".

The token used for the drop down menu input is $date$. If the user selects the "Rolling 2019-2020" choice, then the token $date$ will be "2019-Present". Based on the choice of the user as seen in the XML listed below, I need to do an eval, if "2019-Present" is the value of $date$ then date_tok will return, in this exact format, the value of '"/2019","/2020"' . I get no results from this. I'm having trouble passing through '"/2019","/2020"' to the |search OpenedOn IN(date_tok) to filter the results.

======================================================================================
Here is the xml of the input Date input:

  <input type="dropdown" token="date" searchWhenChanged="true">
    <label>Year</label>
    <choice value="2019-Present">Rolling 2019-2020</choice>
    <choice value="2019">2019</choice>
    <choice value="2020">2020</choice>
  </input>

=====================================================================================
Dashboard Panel query

...base search

| eval date=$date$
| eval date_tok=case(date=2019-Present,'"/2019","/2020"' ,date=2019,"/2019" ,date=2020,"/2020")
| eval OpenedOn=date_tok

| search "Change Type" IN("$form.changerequesttype$") OpenedOn IN(date_tok)
| bin span=1mon OpenedOn
| chart count(sys_id) as count over OpenedOn_2 by "Business Service" limit=0 | addtotals

======================================================================================

Thank you.

I see.

<form hideEdit="false">
  <label>Input dropdown test</label>
  <fieldset autoRun="true" submitButton="false">
    <input type="dropdown" token="date" searchWhenChanged="true">
      <label>Year</label>
      <choice value="2019-Present">Rolling 2019-2020</choice>
      <choice value="2019">2019</choice>
      <choice value="2020">2020</choice>
      <change>
        <condition value="2019-Present">
          <set token="tok_text_1">/2019 OR /2020</set>
        </condition>
        <condition value="2019">
          <set token="tok_text_1">2019</set>
        </condition>
        <condition>
          <set token="tok_text_1">2020</set>
        </condition>
      </change>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Token 1: $date$ | Token 2: $tok_text_1$</title>
      <html/>
    </panel>
  </row>
</form>

this is sample dashboard. try this.
Splunk dashboard can send two tokens at same time.

I don't know whole your query. you can create dashboard.

This works beautifully! Thank you so much @to4kawa!!

Thank you for your quick response. I tried this query and it doesn't work. My issue is I need OpenedOn to equal "/2019" and "/2020" in this format ' "/2019","/2020" ' then use | search OpenedOn IN(dtok) to filter the results for all values that were created in 2019 and 2020.

...base search

| eval date=2019
| eval dtok=case(date="2019-Present", "(/2019|/2020)", date="2019", "/2019", date="2020", "/2020")
| where match(OpenedOn, dtok)
| bin span=1mon OpenedOn
| chart count(sys_id) as count over OpenedOn_2 by "Business Service" limit=0 | addtotals