Hello Splunkers,  I started to use splunk uni forwarder in my job and I am kinda new to systems. My dashboard working good with standart ALL option in multiselection but when it comes to select multiple indexes from menu I've got a huge problem. My multiselect search index is: index="myindex" sourcetype="pinginfo" source="C:\\a\\b\\c\\d\\e\\f f\\g\\h\\ı-i-j\\porty*" |table source |dedup source   but when I pass  this token to reports as: $multi_token$ | eval ping_error=case( like(_raw, "%Request Timeout%"), "Request_Timeout", like(_raw, "%Destination Host Unreachable%"), "Destination_Host_Unreachable") | where isnotnull(ping_error) AND NOT like(_raw, "%x.y.z.net%") | stats count as total_errors by _time, source | timechart span=1h sum(total_errors) as total_errors by source    it creates a search string with only single backslashes but double back slashes.. source="C:\a\b\c\d\e\f f\e\g\ı-i-j\porty102" | eval ping_error=case( like(_raw, "%Request Timeout%"), "Request_Timeout", like(_raw, "%Destination Host Unreachable%"), "Destination_Host_Unreachable") | where isnotnull(ping_error) AND NOT like(_raw, "%x.y.z.net%") | stats count as total_errors by _time, source | timechart span=1h sum(total_errors) as total_errors by source   I've tried so many things but couldn't be able to solve it.  Important Note: In multiselect dropdown menu  elements are shown with their whole source adrees such as: C:\a\b\c\d\e\f f\d\e\ı-i-j\porty102 Couldn't be able to show this also. I can't change anything about splunk universal forwarders settings or the source adress because restrictions are so strict in the company. Regards ... View more