The answer provided by aweitzman worked perfectly:


index=batch [| gentimes start=-1 | eval newField=... | table newField]


(If you want to post the answer I can mark it as solved)

So I figured it out. I didn't have the token linked to a fieldset element!

Does the query works if you change the value in the input dropdown? Also, can you try by adding autoRun=True in the

I know the token is received in my dashboard because it is visible via http GET (?form.cn=2015-Feb). I do not have a submitButton, however I do have a input dropdown that has searchWhenChanged=true. Is it maybe the fact that I use the token within a for my chart?

Did you verify if the token $cn$ is receiving values? Also, if your panels have autoRun=true or you have a Submit button? The message 'Waiting for input' does suggest that the tokens are not resolved.

Doesn't seem to change anything, no 😞

Does putting quotes around it help?

...(strptime("$cn$"+"01",...

I manage to make this work when I have a hard coded value in the strptime function. However it does not work when I try and do the following :

index=batch AND [ search index=batch | eval partName=lower(strftime(strptime($cn$+"01","%Y-%b%d"),"regular"+"%b%y")) | table partName]

$cn$ being the value sent from another dashboard. The dashboard hangs on "Waiting for Input"

This syntax does work fine. (Try below runanywhere sample)

|gentimes start=-1 |  eval newField = lower(strftime(strptime("2014-oct" + "01","%Y-%b%d"),"regular"+"%b%y")) | table newField

I guess the problem is with "search newField". This is like searching for string 'newField' in raw events and raw events doesn't have this field so no rows are returned. You should change this to "search newField=*" OR "where isnotnull(newField)"