I have a question.
Can I use Splunk's time picker in a calculation?
Now it always searches for 30 days:
| eval minPercentage=round((duration/2592000)*100,1)
I would like to replace 2592000.1 with month to date and 1 with last month.
index=onboarding sourcetype="ping:output"
| xmlkv
| search succeed_count=* description=""
| transaction ip_adress startswith=succeed_count=1
| search eventcount!=1
| eval Notification=case(duration>=14400,"Not available for more than 4 hours",1=1,"Sign up")
| search Notification!="Sign up"
| eval duration=duration-14400
| append [| makeresults | eval duration="0" ]
| stats sum(duration) as duration
| eval minPercentage=round((duration/2592000)*100,1)
| eval percentage=100-minPercentage
| fields percentage
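
An added example, not part of the original post: one way to take the divisor from the time picker is the `addinfo` command, which adds the search's time bounds to each result as `info_min_time` and `info_max_time` (epoch seconds). The search below is the one from the question with only the divisor changed; `window_end` and `window` are field names chosen here for illustration, and the `startswith` value is quoted.

```spl
index=onboarding sourcetype="ping:output"
| xmlkv
| search succeed_count=* description=""
| transaction ip_adress startswith="succeed_count=1"
| search eventcount!=1
| eval Notification=case(duration>=14400,"Not available for more than 4 hours",1=1,"Sign up")
| search Notification!="Sign up"
| eval duration=duration-14400
| append [| makeresults | eval duration=0 ]
| stats sum(duration) as duration
| addinfo
| eval window_end=if(info_max_time="+Infinity", now(), info_max_time)
| eval window=window_end-info_min_time
| eval minPercentage=round((duration/window)*100,1)
| eval percentage=100-minPercentage
| fields percentage
```

With the picker set to a month-to-date or previous-month range, `window` is the length of that range in seconds, so the percentage follows whatever period is selected. The `if()` covers a range with no latest bound, where `info_max_time` is the string `+Infinity`.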