I'm looking for a SimpleXML form input that allows the user to pick a point in time rather than a time range (like the default time range picker does)?
Example use case: Determining who was given an IP address given DHCP lease events. For this kind of data, the event itself represents a "time range" (start/end times of the IP address lease) and I simply want to know who (which MAC address) was assigned that IP address at a specific point in time.
For efficiency, I'll want to use the users' time selection to drive the Splunk search timeframe (probably +/- 6 hours) from the time selected. And then within the search, only keep events where where the time in question (user's input) is between the least start and end time.
Try something like this. Run anywhere sample. It basically a separate input(dropdown) for each timestamp part and the main query selects records +- 6 hours of the selected time. It also provides the selected time in epoch which you can use for further calculation, for your filter based on between start and end time
This isn't a complete answer but here are some initial thoughts:
Check out the "Dropdown Form Input Element" example in the Dashboard Examples app. It discusses populating an input dynamically based on your events. If you have some kind of time field in your events, I believe you could use it to populate choices in the input: https://splunkbase.splunk.com/app/1603/