Hello,

Is it possible to populate drop down in Dashboard with eval values. I have a query as given below which returns me a string.

index=test sourcetype="testabc"
| rename sre_job_id as JOB_ID
| stats earliest(_time) AS Earliest by JOB_ID
| eval FirstEvent=strftime(Earliest,"%b %d, %Y %H:%M:%S")
| eval JOB_ID_STR=tostring(JOB_ID)
| eval JOB-ID-WITH-TIME=JOB_ID + "-" + FirstEvent
| table JOB-ID-WITH-TIME
| dedup JOB-ID-WITH-TIME
| sort JOB-ID-WITH-TIME

When I run this search with time as "Last 7 days", I get 3 records back.

But when I use the same query in my drop-down in dashboard, I do not see any data. Below is the xml for the same:

<input type="dropdown" token="jobIDII" searchWhenChanged="true">
<label>JOB ID II</label>
<fieldForLabel>sre_job_id</fieldForLabel>
<fieldForValue>sre_job_id</fieldForValue>
<search>
<query>index=test sourcetype="testabc"
| rename sre_job_id as JOB_ID
| stats earliest(_time) AS Earliest by JOB_ID
| eval FirstEvent=strftime(Earliest,"%b %d, %Y %H:%M:%S")
| eval JOB_ID_STR=tostring(JOB_ID)
| eval JOB-ID-WITH-TIME=JOB_ID + "-" + FirstEvent
| table JOB-ID-WITH-TIME
| dedup JOB-ID-WITH-TIME
| sort JOB-ID-WITH-TIME</query>
<earliest>$timeToken.earliest$</earliest>
<latest>$timeToken.latest$</latest>
</search>
</input>

NOTE: timeToken is the token for DURATION.

I also have a time input to filter the data for the above query in my dashboard. Please see the picture below:

screenshot

If you see above, JOB ID II is not populating any data and I cannot select anything from here.

Thanks for your time in advance.