The way to filter time the way you’re describing is by putting it directly in your SPL instead of using the time picker using earliest and latest
For example:
index=ndx sourcetype=srctp ((earliest=-24d latest=-20d) OR (earliest=-10d latest=-6d)
| <rest of SPL>
from User warren – Stack Overflow https://stackoverflow.com/questions/70258679/splunk-enterprise-exclude-certain-time-ranges-for-a-bigger-time-range/70260840#70260840
via IFTTT