Dashboard conditional drill down with form Input token (not-field/series)

altink
Builder

Dear All

I came around a lot and did not find a solution to the following:

How to have a dashboard drill-down conditionally to two (2) destination forms, depending not on field/series clicked,
but on a simple form drop-down input (token), present in form and named db_name.

Not the common syntax:

    <drilldown>
     <condition field="A">
       <link> ................</link>
     </condition>
    </drilldown>

But something like:

    <drilldown>
     <condition $db_name$ = NULL>
       <link> .......form_01.........</link>
     </condition>
     <condition $db_name$ <> NULL>
       <link> .......form_02.........</link>
     </condition>
    </drilldown>

So it is supposed to call two different drilldown target forms, depending on whether the input db_name is set or empty (* default).
I hope what I am looking for is possible, as in the many docs and answers I browsed I saw only field/series for such.

Any help will be deeply appreciated.

thank you very much
Altin

PS. I think there is an alternative: making two identical dashboards, of which only one shows at a time, depending on whether the db_name is inputted or empty. Each one drills unconditionally to its target. But it would not be practical for more than a few forms; I wish I could see this through in a better way.

0 Karma

rjthibod
Champion

Yes, this is easily done in Splunk 6.3 or newer.

        <drilldown>
          <condition match="isnull('db_name')">
            <link>
              <![CDATA[...]]>
            </link>
          </condition>
          <condition match="isnotnull('db_name')">
            <link>
              <![CDATA[...]]>
            </link>
          </condition>
        </drilldown>

altink
Builder

thank you very much again

I will test and let you know ASAP.

One question (confirmation) before:
The second condition does not have a "match" (alias condition), because it is the last on the list?
And if the first fires, it logically does not count?

best regards
Altin

0 Karma

rjthibod
Champion

The second condition fires if the first one doesn't. Also, please respond in the comments of the answer (I moved your first response and now I am moving this one). Don't post your response as an answer.

0 Karma

altink
Builder

thank you very much for the quick answer Rjthibod

Meanwhile it took me some time to try, but I couldn't make it work.
I have an empty new tab (about:blank) in both cases, whether the database drop-down is selected or is * by default value.

I am inserting below the Database drop-down code:

    <input type="dropdown" token="field_db_name">
      <label>Database</label>
      <prefix>"</prefix>
      <suffix>"</suffix>
      <default>*</default>
      <fieldForLabel>DB_NAME</fieldForLabel>
      <fieldForValue>DB_NAME</fieldForValue>
      <search>
        <query>`mc_vln` | DEDUP DB_NAME | FIELDS DB_NAME</query>
        <earliest>0</earliest>
        <latest></latest>
      </search>
      <change>
        <set token="db_name_no_quotes">$value$</set>
        <unset token="form.field_scan_run_id"></unset>
      </change>
    </input>

And also my dashboard - as I did apply the match function solution:

<panel>
      <title>Health by Severity</title>
      <chart>
        <search>
          <query>`mc_vln` 
| search DB_NAME=$field_db_name$ 
| stats
earliest(_time) as SCAN_DT_START
count(eval(SEVERITY_ID=1 AND CTRL_FIND_ID=0)) as High_Correct,
count(eval(SEVERITY_ID=1 AND CTRL_FIND_ID=1)) as High_Finding,
count(eval(SEVERITY_ID=2 AND CTRL_FIND_ID=0)) as Medium_Correct,
count(eval(SEVERITY_ID=2 AND CTRL_FIND_ID=1)) as Medium_Finding,
count(eval(SEVERITY_ID=3 AND CTRL_FIND_ID=0)) as Low_Correct,
count(eval(SEVERITY_ID=3 AND CTRL_FIND_ID=1)) as Low_Finding
by SCAN_ID
| eval HRT_High   = round(100 * High_Correct / (High_Correct+High_Finding), 2) 
| eval HRT_Medium = round(100 * Medium_Correct / (Medium_Correct+Medium_Finding), 2) 
| eval HRT_Low    = round(100 * Low_Correct / (Low_Correct+Low_Finding), 2) 
| table SCAN_DT_START SCAN_ID HRT_High HRT_Medium HRT_Low
| sort SCAN_DT_START 
| fields - SCAN_DT_START
| rename SCAN_ID as "Scan Id" HRT_High as High HRT_Medium as Medium HRT_Low as Low</query>
          <earliest>$field1.earliest$</earliest>
          <latest>$field1.latest$</latest>
        </search>
        <option name="charting.axisTitleX.visibility">collapsed</option>
        <option name="charting.chart">line</option>
        <option name="charting.legend.labels">["High","Medium","Low"]</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.seriesColors">[0xFA4343,0xFFA042,0x00579F]</option>
        <option name="charting.legend.masterLegend"></option>

              <drilldown target="blank">

               <condition match="isnull('field_db_name')">
                 <link>scan_data?form.field_db_name=$db_name_no_quotes$&amp;form.field_scan_id=$row.Scan Id$&amp;form.field_severity_name=$click.name2$</link>
               </condition>

               <condition match="isnotnull('field_db_name')">
                 <link>
                   <link>scan_compare_02?form.field_db_name=$db_name_no_quotes$&amp;form.field_scan_run_id=$row.Scan Id$</link>
                 </link>
               </condition>

             </drilldown>

      </chart>
    </panel>

If I renounce conditioning - i.e. use only drill-down to the scan_data form whether the database is selected or not - everything is OK. I do reach the scan_data form with correct variables in the URL.

Clarification
the db_name_no_quotes token is used and set inside the field_db_name declaration to have it without quotes in the drill URL

Maybe I have missed something from your idea during my setup?

thank you very much
best regards
Altin

0 Karma

rjthibod
Champion

I am sorry, but I misunderstood what you needed based on your original post. Try this instead.

<drilldown target="blank">
  <condition match="&quot;'field_db_name'&quot; == &quot;*&quot;">
    <link>
      <![CDATA[
        scan_data?form.field_db_name=*&form.field_scan_id=$row.Scan Id$&form.field_severity_name=$click.name2$
      ]]>
    </link>
  </condition>
  <condition>
    <link>
      <![CDATA[
        scan_compare_02?form.field_db_name=$db_name_no_quotes$&form.field_scan_run_id=$row.Scan Id$
      ]]>
    </link>
  </condition>
</drilldown>
0 Karma

altink
Builder

I tested,

but it always gets to the second condition whether input field_db_name is set or not.

can you help?

thanks and regards
Altin

0 Karma

rjthibod
Champion

Sorry, missed something. Try this.

 <drilldown target="blank">
   <condition match="'field_db_name' == &quot;*&quot;">
     <link>
       <![CDATA[
         scan_data?form.field_db_name=*&form.field_scan_id=$row.Scan Id$&form.field_severity_name=$click.name2$
       ]]>
     </link>
   </condition>
   <condition>
     <link>
       <![CDATA[
         scan_compare_02?form.field_db_name=$db_name_no_quotes$&form.field_scan_run_id=$row.Scan Id$
       ]]>
     </link>
   </condition>
 </drilldown>
0 Karma

altink
Builder

sorry, but it still goes only to the second choice scan_compare_02.

I can paste the whole code if you need. or at least until this dashboard.

thank you very much
Altin

0 Karma

altink
Builder

I did fix it by replacing the field_db_name input with the un-quoted one:

<condition match="'db_name_no_quotes' == &quot;*&quot;">

this made the switching of forms!

I would be curious to see how this would work with the original input token - field_db_name

thank you very much for your help,
best regards
Altin

0 Karma
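
Added example (not part of the thread and not posted by either participant): the working pieces above assembled into one SimpleXML fragment. The `<prefix>`/`<suffix>` elements wrap `$field_db_name$` in double quotes, so the match is written against the unquoted `db_name_no_quotes` token; the `|u` URL-encoding filter on the database name in the second link is an addition made here and does not appear in the posts.

```xml
<!-- Added example: consolidated fragment, assembled from the posts above. -->
<input type="dropdown" token="field_db_name">
  <label>Database</label>
  <!-- prefix and suffix are applied to $field_db_name$: with the default
       selected, the token value is "*" INCLUDING the double quotes -->
  <prefix>"</prefix>
  <suffix>"</suffix>
  <default>*</default>
  <fieldForLabel>DB_NAME</fieldForLabel>
  <fieldForValue>DB_NAME</fieldForValue>
  <search>
    <query>`mc_vln` | DEDUP DB_NAME | FIELDS DB_NAME</query>
    <earliest>0</earliest>
    <latest></latest>
  </search>
  <change>
    <!-- $value$ is the raw selection, without prefix or suffix -->
    <set token="db_name_no_quotes">$value$</set>
    <unset token="form.field_scan_run_id"></unset>
  </change>
</input>

<!-- The drilldown below goes inside the <chart> element of the panel. -->
<drilldown target="blank">
  <!-- Compare the unquoted token with the literal *; the quoted
       'field_db_name' value carries its surrounding quotes and so
       does not equal a bare * -->
  <condition match="'db_name_no_quotes' == &quot;*&quot;">
    <link>
      <![CDATA[scan_data?form.field_db_name=*&form.field_scan_id=$row.Scan Id$&form.field_severity_name=$click.name2$]]>
    </link>
  </condition>
  <!-- No match attribute: this fires when the condition above does not. -->
  <condition>
    <link>
      <!-- |u URL-encodes the database name (added here, not in the posts) -->
      <![CDATA[scan_compare_02?form.field_db_name=$db_name_no_quotes|u$&form.field_scan_run_id=$row.Scan Id$]]>
    </link>
  </condition>
</drilldown>
```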