Splunk dashboard: We have a dropdown with 2 possible values, option1 and option2.
Based on what user selects, (
option1: "A" or "B" ) gets added to both base-query and query OR 
option2: ("X" or "Y") gets added to both base-query and query. 

1. If user selects "option1", query is

<search id="base_query">

<query>index=logs sourcetype=ci "Shipping Finished" ("A" OR "B") ...</query>

<search base="base_query">

<query> | join some_field [ search index=logs sourcetype=ci | search ("A" OR "B") AND "Received complete status"

2. If user selects "option2", query is:

<search id="base_query">

<query>index=logs sourcetype=ci "Shipping Finished" ("X" OR "Y") ... </query>

<search base="base_query">

<query> | join some_field [ search index=logs sourcetype=ci | search ("X" OR "Y") AND "Received complete status"