Ideally I'd like to create a dashboard query that searches an inputted time like "2017-08-01 09:29:28". The search then filters to show logs only 1 minute before and after the specified time.
I'm aware I can manually edit the Date & Time Range, but I'm looking to automate this due to frequent use.
How can I do this?
eval-based token command in your XML to create an epoch-based time token and then:
index=YouShouldAlwaysSpecifyAnIndex sourcetype=YourSourcetypeHere earliest=$epoch_token$-1m latest=$epoch_token$+1m other stuff here
Look at this run-anywhere example search and pattern your design similarly:
index=_* [|makeresults | eval timetoken=now() - 600 | eval search="earliest=" . (timetoken - 60) . " latest=" . (timetoken + 60) | table search]
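The subsearch pattern above wired to a dashboard text input, as an added example that is not part of the original answers. The token name `time_input`, the index and sourcetype placeholders, the 15-minute panel default and the empty fallback window are assumptions; the `|s` token filter quotes the typed value so it reaches `strptime` as a string literal rather than as search syntax.

```xml
<form>
  <label>Events within 1 minute of a timestamp</label>
  <fieldset submitButton="true" autoRun="false">
    <!-- time_input is a hypothetical token name for the typed timestamp -->
    <input type="text" token="time_input">
      <label>Time (YYYY-MM-DD HH:MM:SS)</label>
      <default>2017-08-01 09:29:28</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <event>
        <search>
          <!--
            The subsearch parses the typed time into epoch seconds and
            returns a "search" field holding earliest/latest modifiers,
            which override the panel time range set below.
            If the input does not match the format, strptime returns null
            and the subsearch returns a deliberately empty window
            (earliest=1 latest=2) instead of searching a wider range.
            Replace your_index / your_sourcetype with real values.
          -->
          <query>
            index=your_index sourcetype=your_sourcetype
            [| makeresults
             | eval t=floor(strptime($time_input|s$, "%Y-%m-%d %H:%M:%S"))
             | eval search=if(isnull(t),
                 "earliest=1 latest=2",
                 "earliest=" . (t - 60) . " latest=" . (t + 60))
             | table search]
          </query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="count">20</option>
      </event>
    </panel>
  </row>
</form>
```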