Hello, 

I want to simply set a Dashboard Timepicker token with milliseconds granularity with a Drilldown Search. The Result should look like: 

<query>| makeresults 
`comment("Grundzeit als String")`
| eval _time="2020-12-03T23:59:51.500"
</query>
... Drilldown
<condition field="_time">
   <eval token="form.test.earliest">strptime($row._time$,"%Y-%m-%dT%H:%M:%S.%3N") - 0.100</eval>
   <eval token="form.test.latest">strptime($row._time$,"%Y-%m-%dT%H:%M:%S.%3N") + 0.100</eval>
</condition>

This gets me 1607036390.900 - 1607036391.1 (23:59:50.900 - 23:59:51.100)

With this approach, the resulting times being set are always (000 - 100 = X.900, and 000 + 100 (X.100). The milliseconds are ignored or rather being considered 000, despite being .500 in the makeresults. 

I am fully aware that I can workaround when making the calculations in the query. What fully work is: 

<query>| makeresults 
| eval _time="2020-12-03T23:59:51.500"
| eval mytime2=strptime(_time,"%Y-%m-%dT%H:%M:%S.%3N")
| table reset, _time, mytime2
</query>
... Drilldown 
<eval token="form.test.earliest">$row.mytime2$ - 0.100</eval>
<eval token="form.test.latest">$row.mytime2$ + 0.100</eval>

This gets me 1607036391.400 - 1607036391.600 (23:59:51.400 - 23:59:51.600) which is correct. This code itself is identical. The only difference is, that strptime now is being used in the eval token instead of the query.

I've tried a lot of different things here - such as using testtime="2020-12-03T23:59:51.500" instead of _time for formatting reasons. Using %3N instead of %Q and many other things. Nothing works. It seems that strptime behaves buggy in a dashboard eval token context.

For me, this looks like a weird bug. Can anyone confirm this or help me?

Best regards,