Example:

source="D:\filepath\filepath\filepath\filepath\DebugImportHelper_7_25_2017.log"

This log file is created everyday with the current date. I want a search where is runs real time and only returns data from source that contains the current date. My current search looks like this (asterisks do not show, so $ represents where asterisks would be):

source=$"D:\filename\filename$ source=$filename\filename$ source=$clientID$ Start
| eval today=strftime(now(), "%m_%d_%Y") | where source=$today$
| eval time=strftime(round(strptime(full_Time, "%I:%M:%S %P")), "%H:%M:%S")
| eval late=if(time>"15:00:00", 1, 0)

| table Action, full_Date, full_Time, time, late, source

The "eval today=strftime(now(), "%m/%d/%Y") | where source=$today$" part returns the right date format, but the "where" does not work.