How can i evaluate values in a result table from a query against the searches timerange?
Example:
UserID, FirstDay, LastDay, ...
xyz, 20120901, , ...
abc, 20100101, 20121031, ...
I would like to compare the timestamp in FirstDay against "earliest" and LastDay against "latest" from the search parameters.
Add |addinfo to your search and use info_min_time and info_max_time.
thanks, with that i have the epoch times, i also use
eval myfieldepoch=strptime(myfield,"%Y%m%d") and have the epoch time, when i then use
| addinfo | search myfieldepoch>=info_min_time i get no results so i am making something wrong.