I have a field which gives when a particular event started. Depending on time period selected in dashboard , i want to fetch all records past that time period selected in time picker input of the dashboard.   Problem is if time input is relative like "today" /"Yesterday" choice 1 below works and i get results. When time selected as input is explicit like "10/02/2025"  ,choice 2 works and i get results.  Relative time logic : |where timestamp2 >= relative_time(now(), "$field1.earliest$") Explicit time logic : |where timestamp2 >= tonumber("$field1.earliest$")   How to enhance this ,so that irrespective of input ,will get results. Something like below does not work :   | eval earliest_time=if(isnum("$field1.earliest$"), tonumber("$field1.earliest$"), relative_time(now(), "$field1.earliest$")) | where  timestamp2 >= earliest_time   ... View more

I have a lookup file . It has 2 columns : Service and Entity and 500+ rows. Service has 34 unique values and Entity has 164.  I have a dashboard where for search i want to use values from this lookup as input to search criteria. I have following logic .I get the dropdown values for "service" without any issues but not for "entity" when it's same lookup file ,same logic.   Any ideas ? Snippet : <input type="dropdown" token="Service" searchWhenChanged="true"> <label>Service</label> <search> <query> |inputlookup metadata.csv | dedup service | stats dc(service) by service </query> </search> <choice value="*">*</choice> <default>*</default> <initialValue>*</initialValue> </input> <input type="dropdown" token="Entity" searchWhenChanged="true"> <label>Entity</label> <search> <query> |inputlookup metadata.csv | dedup entity | stats dc(entity) by entity </query> </search> <choice value="*">*</choice> <default>*</default> <initialValue>*</initialValue> </input>   ... View more