I have a graph that displays an average value per day over a week as columns. When clicking a specific column a line chart displays how this value averaged over that day. The value passed from the per day-average chart is the date that is clicked and it is then input as a token (in this case "Aug 10, 2015") in the following query:

...  date_mday=[ search index=os | eval theDay=substr("Aug 10, 2015", 4, 3) | return $theDay ] date_month=[search index=os | eval theMonth=case(substr("Aug 10, 2015", 1, 3) LIKE "%Jan%", "january", substr("Aug 10, 2015", 1, 3) LIKE "%Feb%", "febuary", substr("Aug 10, 2015", 1, 3) LIKE "%Mar%", "march", substr("Aug 10, 2015", 1, 3) LIKE "%Apr%", "april", substr("Aug 10, 2015", 1, 3) LIKE "%May%", "may", substr("Aug 10, 2015", 1, 3) LIKE "%Jun%", "june", substr("Aug 10, 2015", 1, 3) LIKE "%Jul%", "july", substr("Aug 10, 2015", 1, 3) LIKE "%Aug%", "august", substr("Aug 10, 2015", 1, 3) LIKE "%Sep%", "september", substr("Aug 10, 2015", 1, 3) LIKE "%Oct%", "october", substr("Aug 10, 2015", 1, 3) LIKE "%Nov%", "november", substr("Aug 10, 2015", 1, 3) LIKE "%Dec%", "december") | return $theMonth ] date_year=[ search index=os | eval theYear=substr("Aug 10, 2015", 8, 5) | return $theYear ] ...

As you can see the query evaluates the day and "converts" it to date numbers that are possible to use the search with. This works but of takes A LOT of time to execute, using a subsearch as an excuse to evaluate a "local" token is ugly and of course very time consuming. Is there any other way of doing this, either by adjusting the query or using a completely different method?

I should mention that installing any additional apps etcetera is for various reasons not an option, the solution needs to applicable with a vanilla Splunk instance. I also do not want to change the dateformat as I want to keep it as "human readable" as possible (lol).

Tricky!