https://community.splunk.com/t5/Splunk-Search/Search-Query-Help/m-p/682740#M233241 <P>Try filtering the results on the date_hour field.</P><LI-CODE lang="markup">index=* host=* | where date_hour&gt;=18 AND date_hour&lt;21 | eval pctCPU=if(CPU="all",100-pctIdle,Value) | timechart avg(pctCPU) AS avgCPU BY host</LI-CODE> Tue, 02 Apr 2024 13:05:32 GMT richgalloway 2024-04-02T13:05:32Z https://community.splunk.com/t5/Splunk-Search/Search-Query-Help/m-p/682736#M233238 <P><SPAN><SPAN class="">Hello, I am looking for my search results for only 6pm to 9pm over the last 90 days. How can I achieve this with the below query?</SPAN></SPAN></P> <LI-CODE lang="markup">index=* host=* | eval pctCPU=if(CPU="all",100-pctIdle,Value) | timechart avg(pctCPU) AS avgCPU BY host</LI-CODE> Tue, 02 Apr 2024 14:05:08 GMT https://community.splunk.com/t5/Splunk-Search/Search-Query-Help/m-p/682736#M233238 kc_prane 2024-04-02T14:05:08Z https://community.splunk.com/t5/Splunk-Search/Search-Query-Help/m-p/682740#M233241 <P>Try filtering the results on the date_hour field.</P><LI-CODE lang="markup">index=* host=* | where date_hour&gt;=18 AND date_hour&lt;21 | eval pctCPU=if(CPU="all",100-pctIdle,Value) | timechart avg(pctCPU) AS avgCPU BY host</LI-CODE> Tue, 02 Apr 2024 13:05:32 GMT https://community.splunk.com/t5/Splunk-Search/Search-Query-Help/m-p/682740#M233241 richgalloway 2024-04-02T13:05:32Z