Hi
I have a table in a Splunk dashboard where there is one time input that picks what gets displayed on the panel. Say I select the date 11/12/2019 with times between 7:00 am and 8:00 am. I end up with data starting from 6:00 am, and it displays 0s for everything between 6:00 am and 7:00 am for some of my columns. How can I fix my code so that the time input only pulls the data that is entered in the input?
Below are the tokens being used in my source code. They are referenced in my queries like this: index=XX sourcetype=XX earliest=$earliestTime1$ latest=$latestTime1$ . My guess is the issue is coming from the first 2 tokens? But I need it where the data being displayed is exactly what is being selected from the time input. Please help. If more clarification is needed I will provide it.
<eval token="earliestTime">if(isstr(earliest), relative_time(now(),earliest), earliest)</eval>
<eval token="latestTime">if(isstr(latest), relative_time(now(),latest), latest)</eval>
<eval token="earliestTime1">relative_time(earliestTime,"-7d")</eval>
<eval token="latestTime1">relative_time(latestTime,"-7d")</eval>
<eval token="earliestTime2">relative_time(earliestTime,"-14d")</eval>
<eval token="latestTime2">relative_time(latestTime,"-14d")</eval>
<eval token="earliestTime3">relative_time(earliestTime,"-21d")</eval>
<eval token="latestTime3">relative_time(latestTime,"-21d")</eval>
<eval token="earliestTime4">relative_time(earliestTime,"-28d")</eval>
<eval token="latestTime4">relative_time(latestTime,"-28d")</eval>