But changing Simple XML is perhaps the least complex solution, if there is an alternative one.  In fact, after reexamine your description, dashboard B probably does not need conditional token setting.  Instead, you need to separate panels to handle the two conditions, because your base search, i.e.,     index=S score>=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name     generally returns some events matching host_name="$hostnameToken$", some not.  (If this is not true, you can go back to setting dynamic panels.)  You need two panels in order to show all conditions. Consider this emulated dashboard:     <dashboard> <label>Search based on token</label> <description>https://community.splunk.com/t5/Splunk-Search/Condition-Function-for-seach-based-on-Token/</description> <init> <!-- set token="hostnameToken">host1</set --> </init> <row> <panel> <title>hostnameToken=$hostnameToken$</title> <html> <head> <style> table, th, td { border: 1px solid black; } </style> </head> <body> <p>Base search <pre> index=S score&gt;=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name </pre> </p> <p> Emulated output from (no filter) </p> <table> <tr> <th>Email</th> <th>PIC</th> <th>Squad</th> <th>host_name</th> <th>ip</th> <th>plugin</th> <th>solution</th> </tr> <tr> <td>email1@fake.com</td> <td>somePIC</td> <td>Squad1</td> <td>host1</td> <td>192.168.1.11</td> <td>PluginA</td> <td>somesolutionB</td> </tr> <tr> <td>email2@fake.com</td> <td>somePIC</td> <td>Squad1</td> <td>host2</td> <td>192.168.1.12</td> <td>PluginA</td> <td>somesolution2</td> </tr> <tr> <td>email3@fake.com</td> <td>somePIC2</td> <td>SquadB</td> <td>host1</td> <td>192.168.1.11</td> <td>PluginB</td> <td>someslutionB</td> </tr> </table> </body> </html> </panel> </row> <row> <panel> <title>search host_name = $hostnameToken$</title> <html> <pre> index=S score&gt;=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name | search host_name = &#36;hostnameToken&#36; | stats values(plugin) as Plugin values(solution) as Solution values(PIC) as pic values(Email) as email values(Squad) as squad by ip </pre> <p>renders into</p> <pre> index=S score&gt;=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name | search host_name = $hostnameToken$ | stats values(plugin) as Plugin values(solution) as Solution values(PIC) as pic values(Email) as email values(Squad) as squad by ip </pre> <p>Emulated output:</p> </html> <table> <search> <query>| makeresults | eval _raw = "dummy,host_name,ip,plugin,solution,PIC,Email,Squad ,host1,192.168.1.11,PluginA,somesolutionB,somePIC,email1@fake.com,Squad1 ,host2,192.168.1.12,PluginA,somesolution2,somePIC,email2@fake.com,Squad1 ,host1,192.168.1.11,PluginB,someslutionB,somePIC2,email3@fake.com,SquadB" | multikv forceheader=1 ``` the above emulates index=S score&gt;=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name ``` | search host_name="$hostnameToken$" | stats values(plugin) as Plugin values(solution) as Solution values(PIC) as pic values(Email) as email values(Squad) as squad by ip</query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> </table> </panel> <panel> <title>search host_name != $hostnameToken$</title> <html> <p>Run your second search here. For example,</p> <pre> index=S score>=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name | search host_name="&#36;hostnameToken&#36;" OR | search host_name="" | eval hostToken="&#36;hostnameToken&#36;" | lookup CortexHostIp2.csv host_name as hostToken OUTPUTNEW ip | search ip=ip ``` what is the use of alway-true search? ``` | stats values(plugin) as Plugin values(solution) as Solution values(PIC) as pic values(Email) as emailvalues(Squad) as squad by ip </pre> <p> which renders into </p> <pre> index=S score>=7.0 | lookup A.csv IP Address as ip OUTPUTNEW Squad | lookup B.csv IP as ip OUTPUTNEW PIC, Email | lookup C.csv ip as ip OUTPUTNEW host_name | search host_name="$hostnameToken$" OR | search host_name="" | eval hostToken="$hostnameToken$" | lookup CortexHostIp2.csv host_name as hostToken OUTPUTNEW ip | search ip=ip ``` what is the use of alway-true search? ``` | stats values(plugin) as Plugin values(solution) as Solution values(PIC) as pic values(Email) as emailvalues(Squad) as squad by ip </pre> </html> </panel> </row> </dashboard>      If you query http://localhost:8000/en-US/app/search/search_based_on_token?hostnameToken=host1, the left-hand panel (IF host_name="$hostnameToken$") shows ip Plugin Solution pic email squad 192.168.1.11 PluginA PluginB someslutionB somesolutionB somePIC somePIC2 email1@fake.com email3@fake.com Squad1 SquadB But if you query http://localhost:8000/en-US/app/search/search_based_on_token?hostnameToken=host2, it shows ip Plugin Solution pic email squad 192.168.1.12 PluginA somesolution2 somePIC email2@fake.com Squad1   Then, http://localhost:8000/en-US/app/search/search_based_on_token?hostnameToken=host3 has no return in the left-hand side panel.  If you want to not run the search and hide the panel when this happens, you can set and unset conditional tokens and follow Show or hide content. ... View more