I am trying to pass a time value using a workflow action, and then use init in the dashboard to create a new time range for the search. What happens is the URL is re-written as the dashboard runs with values for my time picker that are wrong.

In the URL, I pass a value "base_time" which is the ending time of the event I'm interested in. I want the dashboard to run its searches 24 hours prior to the base and 4 hours after. So I init the values of the time picker, which is token=field2 as well as make some easy to read versions of tthe time.

 <form>
  <init>
    <eval token="form.field2.earliest">$base_time$ - 86400</eval>
    <eval token="form.field2.latest">$base_time$ + 14400</eval>
    <eval token="base_time_str">strftime($base_time$, "%m/%d/%Y %H:%M:%S")</eval>
    <eval token="earliest_str">strftime($form.field2.earliest$, "%m/%d/%Y %H:%M:%S")</eval>
    <eval token="latest_str">strftime($form.field2.latest$, "%m/%d/%Y %H:%M:%S")</eval>
 </init>

Later in the dashboard is the time picker:

    <input type="time" token="field2">
      <label></label>
  <default>
        <earliest>$form.field2.earliest$</earliest>
        <latest>$form.field2.latest$</latest>
      </default>
    </input>

It doesn't work; what seems to happen is the URL gets re-written with the variable names, not the actual time values.

If this is important, it's being called from a Enterprise Security notable event.