In my dashboard, I am getting the Submit_Date max and min values which are taken from the timepicker. It select the date or time range. However, when it selects last 10 days to now, it's not working. Instead of latest
now(), it's populating only
| where Submit_Date >=$timer1.earliest$ AND Submit_Date <=$timer1.latest$
@vemurisurya, Submit_Date seems to be a date field from event. Does it contain epoch time or string time?
You would need to make sure Submit_Date to epoch time, if not use
strptime() to convert to epoch time. Also, if you are using Time Picker input for earliest and latest tokens you have to make sure it returns epoch time as well?
Refer to the following answer using earliest and latest tokens from Time Picker input as epoch time: https://answers.splunk.com/answers/578984/running-one-of-two-searches-based-on-time-picker-s.html
Assuming you want to use same time range picket that you've in your dashboard, to filter events by different date fields, try like this (assuming your date fields have human-readable timestamp with format
%Y-%m-%d %H:%M:%S. If it's different, update line 2 with that)
your current search | eval filterDateEpoch=strptime('Submit_Date',"%Y-%m-%d %H:%M:%S") | addinfo | where filterDateEpoch>=info_min_time AND Submit_Date <=info_max_time | fields - info_min_time info_max_time info_search_time info_sid filterDateEpoch
The addinfo command add current search's time range (earliest and latest) as field infomintime (i.e. earliest) and infomaxtime (i.e. latest) with value in epoch format to all events. Line two will convert your date field to epoch value so that it can be compared.
Here in the problem, in my panels time fields are different i panel has SubmitDate other one Createdate other has closed_date
_time and the filed dates are different