Thanks for trying but neither examples work for us. here is the exact query. The idea is to use the multiselect on a dashboard to replace what is currently a static list. The example below highlights one static selection ('host'+ ":"+ 'assetGroup').

| tstats max("CPU.lpar_vp_usage") AS vp_usage max("CPU.cpu_PCT") AS pct_usage values(CPU.assetGroup) AS assetGroup values(CPU.assetAreaName) AS assetAreaName values(CPU.assetName) AS assetName values(CPU.assetColor) AS assetColor values(CPU.nodeType) AS nodeType values(CPU.nodeGroup) AS nodeGroup values(CPU.cluster) AS cluster values(CPU.awsAutoScalingGroupId) AS awsAutoScalingGroupId
from datamodel=NMON_Data_CPU
where (nodename = CPU) (CPU.type="CPU_ALL" OR CPU.type="LPAR") (host="")
by _time, host, CPU.assetGroup, CPU.assetAreaName, CPU.assetName span=1m
| search (assetGroup="prod") (assetAreaName ="") (assetName ="USA") (assetColor = "") (nodeType="") (nodeGroup="") (cluster ="") (awsAutoScalingGroupId="*")
| eval dd1='host'+ ":"+ 'assetGroup'
| stats dedup_splitvals=t max("pct_usage") AS pct_usage by _time, host, assetGroup, assetAreaName, assetName, dd1
| eval usage=if(isnum(vp_usage), vp_usage, pct_usage)
| timechart useother=f limit=0 avg(usage) AS "CPU usage" by dd1

@mschellhouse , can you try this please:

<fieldset submitButton="false">
    <input type="multiselect" token="field1">
      <label>field1</label>
      <choice value="Host">Host</choice>
      <choice value="Environment">Environment</choice>
      <choice value="Node Group">Node Group</choice>
      <delimiter>:</delimiter>
      <valuePrefix>'</valuePrefix>
      <valueSuffix>'</valueSuffix>
    </input>
  </fieldset>

if you use a regex, you might be able to do something. The regex below is saying that the input itself is input=Environment OR input=....

|makeresults|eval input="$token$"|rex field=input mode=sed "s/ OR input=/':'/g"|rex field=input mode=sed "s/input=|$/'/g"