Splunk dashboard: We have a dropdown with 2 possible values, option1 and option2. Based on what the user selects, either option1: ("A" OR "B") gets added to both the base query and the query, or option2: ("X" OR "Y") gets added to both the base query and the query.
1. If the user selects "option1", the query is:
<search id="base_query">
<query>index=logs sourcetype=ci "Shipping Finished" ("A" OR "B") ...</query>
<search base="base_query">
<query> | join some_field [ search index=logs sourcetype=ci | search ("A" OR "B") AND "Received complete status"
2. If the user selects "option2", the query is:
<search id="base_query">
<query>index=logs sourcetype=ci "Shipping Finished" ("X" OR "Y") ... </query>
<search base="base_query">
<query> | join some_field [ search index=logs sourcetype=ci | search ("X" OR "Y") AND "Received complete status"
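
One way to wire the dropdown described above, as an added example that is not part of the original post: a Simple XML form in which a hypothetical token named `terms` carries the selected term group into both the base search and the post-process search. The time range, the table panel and the trailing `| fields some_field` are assumptions standing in for the parts of the queries the post elides.

```xml
<form version="1.1">
  <label>Shipping status (example)</label>
  <fieldset submitButton="false">
    <!-- Hypothetical token name "terms". Each choice value is the literal
         term group to splice into the searches. Fixed choices (rather than
         a free-text input) keep the substituted SPL constrained to these
         two strings. -->
    <input type="dropdown" token="terms" searchWhenChanged="true">
      <label>Option</label>
      <choice value="(&quot;A&quot; OR &quot;B&quot;)">option1</choice>
      <choice value="(&quot;X&quot; OR &quot;Y&quot;)">option2</choice>
      <default>("A" OR "B")</default>
    </input>
  </fieldset>

  <!-- Base search: $terms$ is replaced with the selected choice value
       before the search is dispatched. -->
  <search id="base_query">
    <!-- "| fields some_field" is an assumption: a non-transforming base
         search should name the fields the post-process search needs. -->
    <query>index=logs sourcetype=ci "Shipping Finished" $terms$ | fields some_field</query>
    <!-- Assumed time range; the post does not state one. -->
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>

  <row>
    <panel>
      <table>
        <!-- Post-process search: the same token is substituted inside the
             join subsearch, so both searches always use the same terms. -->
        <search base="base_query">
          <query>| join some_field [ search index=logs sourcetype=ci | search $terms$ AND "Received complete status" | fields some_field ]</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Changing the dropdown re-dispatches the base search and the post-process search together, because both reference `$terms$`.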