Hi All, I was able to resolve the issue by converting the time_submitted to: strptime(time_submitted, "%m/%d/%Y %I:%M:%S %p") then using the earliest and latest value from my date time dropdown token. Afterwards, I converted it back again to a readable format using: strftime(time_submitted, "%m/%d/%Y %I:%M:%S %p"). See below working query: index=aiam_itsm_ticket_ptest_ctest_index * _raw="**" problem_mapping="" system_user="" | fillnull value="Not Defined"|eval time_submitted = strptime(time_submitted, "%m/%d/%Y %I:%M:%S %p") | eval ticket_start_time = $start_tok.earliest$ | eval ticket_end_time = $start_tok.latest$ | where (time_submitted > ticket_start_time AND time_submitted < ticket_end_time) | eval time_submitted = strftime(time_submitted, "%m/%d/%Y %I:%M:%S %p")| search ticket_source="" Tool = "$tok_asset$" Ticket_Type= "$tok_tick_type$" current_ticket_state = "$tok_status$" | table ticket_number, Reported_Date ,problem_abstract, severity, time_submitted, Last_Modified_Date,service_restored_date, owner_name, current_ticket_state, work_queue, asset_id, Tool, ticket_source,Ticket_Type, system_user, Assignee_Site_Country | rename ticket_number as "Incident Number" ,problem_abstract as "Description", time_submitted as "Time Submitted", severity as "Severity", owner_name as "Ticket Assignee", current_ticket_state as "Status", work_queue as "Assignment Queue", asset_id as "Portfolio Group", Tool as "Asset", ticket_source as "Ticket Source", system_user as "Requestor", Assignee_Site_Country as "Assigned Country", service_restored_date as "Resolved date", Last_Modified_Date as "Last Modified Date" ... View more