Hi,

I am having an issue when using multiple time range tokens in the search string.

I have built a dashboard that lets the user select a publisher and the date range over which documents were published.

I have used another time range picker so the user can see the 'Views' of those documents over a selected time period.

Everything works fine unless 'All time' is selected. I get the following error.

"Error in 'search' command: Unable to parse the search: Comparator '=' has an invalid term on the left hand side."

The search string is below.

  <query>index=userdoc 
| search cs_username="INT*" [| search earliest=$pubtime1.earliest$ latest=$pubtime1.latest$ index=userpubdoc | search cs_username=$Pub1token$ publicationId=$PubID1$ | fields publicationId] 
| fillnull value="0" 
| stats sum(count) AS "Client Views" dc(cs_username) AS "Client Users" by publicationId
| fillnull value="0" "Client Views" "Client Users"
| lookup PubDocs2.csv publicationId OUTPUTNEW DocTitle DocType
| table publicationId DocTitle DocType "Client Views" "Client Users"
| eval DocTitle=urldecode(DocTitle)
| eval DocType=urldecode(DocType)</query>
<earliest>$viewtime1.earliest$</earliest>
<latest>$viewtime1.latest$</latest>

Is it possible to use time range tokens this way?

The error occurs when the first time range picker is set to "All Time"

earliest=$pubtime1.earliest$ latest=$pubtime1.latest$

After looking at the job inspector the search string is populated with the below when 'All Time' is selected.

earliest=0 latest=

Is there any way around this?

Hope you can help!

Dan