I think I have been asking this question wrong. I have a need to generate an alert and send an e-mail if a new entry hits the database. I am finding this to be difficult for me as I am a novice to Splunk. I can tell you I have tried "earliest=-1h latest=now", but that only seems to go by the Splunk timestamp and that won't work for me; I need it to work with the "create_date" column in the DB. Or is there a better way of doing this?