Hello,
I'm creating a dashboard right now that uses a multiselect field to filter the data loaded into a table. The issue I'm having stems from the field I want to compare the multiselect values against. I'm pulling DOMAIN_NAME from the source field in the query, and I want to limit the results of the table to only logs that contain matching DOMAIN_NAME values.
Here is the query I'm using to populate the multiselect:
host=hostname index="index" "BEA" | rex field=source "(?<LOG_DIRr>[\w\W/]+)/(?<DOMAIN_NAME>[^.]+)/(?<JVM_NAME>[^.]+)/(?<LOG_NAME>[^.]+).*" | dedup DOMAIN_NAME | stats count by DOMAIN_NAME
And here is the query I'm using for the table:
host=hostname index="index" "BEA" $domain_name_dropdown$ | rex field=source "(?<LOG_DIRr>[\w\W/]+)/(?<DOMAIN_NAME>[^.]+)/(?<JVM_NAME>[^.]+)/(?<LOG_NAME>[^.]+).*"
I think this is because the DOMAIN_NAME values that I'm trying to search on haven't been captured yet in the search string. So it's trying to search for DOMAIN_NAME in the logs (which is only in the source field) before doing the regex to actually pull the domain name out.
To combat this I tried using a where clause after the regex. This works beautifully when I only select one value in the multiselect. However, I cannot find a way to use a single where clause with multiple values. I even tried using the prefix/suffix/delimiter values in the multiselect to build a whole where clause for each value, but that doesn't work.
Am I on the right track here or is there a better way to do this?
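As an added illustration (not part of the original post, and not a confirmed fix for the poster's dashboard), here is a Simple XML form that wires the multiselect's prefix, valuePrefix, valueSuffix, delimiter and suffix settings so the token expands to a single `(DOMAIN_NAME="a" OR DOMAIN_NAME="b")` expression, and then applies that token with `| search` after the `rex` that extracts DOMAIN_NAME. The host, index, search term and regex are taken from the question; the panel layout, the `$domain_name_dropdown$` placement after the rex and the `table` column list are assumptions.

```xml
<form>
  <label>BEA log filter (added example, assumes the question's host/index/regex)</label>
  <fieldset submitButton="false">
    <input type="multiselect" token="domain_name_dropdown" searchWhenChanged="true">
      <label>Domain</label>
      <!-- Choices come from DOMAIN_NAME extracted out of the source path. -->
      <search>
        <query>host=hostname index="index" "BEA"
| rex field=source "(?&lt;LOG_DIRr&gt;[\w\W/]+)/(?&lt;DOMAIN_NAME&gt;[^.]+)/(?&lt;JVM_NAME&gt;[^.]+)/(?&lt;LOG_NAME&gt;[^.]+).*"
| stats count by DOMAIN_NAME</query>
      </search>
      <fieldForLabel>DOMAIN_NAME</fieldForLabel>
      <fieldForValue>DOMAIN_NAME</fieldForValue>
      <!-- Selecting "dom1" and "dom2" makes the token expand to:
           (DOMAIN_NAME="dom1" OR DOMAIN_NAME="dom2") -->
      <prefix>(</prefix>
      <valuePrefix>DOMAIN_NAME="</valuePrefix>
      <valueSuffix>"</valueSuffix>
      <delimiter> OR </delimiter>
      <suffix>)</suffix>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <!-- The token is applied AFTER rex, so DOMAIN_NAME exists when it is compared.
               Placing it in the base search would look for the literal text in _raw,
               where the domain name is not present (it only lives in source). -->
          <query>host=hostname index="index" "BEA"
| rex field=source "(?&lt;LOG_DIRr&gt;[\w\W/]+)/(?&lt;DOMAIN_NAME&gt;[^.]+)/(?&lt;JVM_NAME&gt;[^.]+)/(?&lt;LOG_NAME&gt;[^.]+).*"
| search $domain_name_dropdown$
| table _time DOMAIN_NAME JVM_NAME LOG_NAME _raw</query>
        </search>
      </table>
    </panel>
  </row>
</form>
```

The `<` and `>` in the named capture groups are escaped as `&lt;`/`&gt;` because the query sits inside XML element text. The same expanded token also works after a `where` if that form is preferred, since `where` accepts an `OR` of equality tests, but `| search` is the shorter way to apply a field filter built by the input.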