Putting together a query that shows, on an individual alert level, the number of times the alert fired in a day and the average we were expecting.  Below is the query as it stands now, but I am looking for a way to only show records from today/yesterday, instead of for the past 30 days.  

Any help would be appreciated

index=_audit action="alert_fired" earliest=-30d latest=now 
| eval date=strftime(_time, "%Y-%m-%d")
| stats count AS actual_triggered_alerts by ss_name date
| eventstats avg(actual_triggered_alerts) AS average_triggered_alerts by ss_name
| eval average_triggered_alerts = round(average_triggered_alerts,0)
| eval comparison = case(
actual_triggered_alerts = average_triggered_alerts, "Average",
actual_triggered_alerts > average_triggered_alerts, "Above Average",
actual_triggered_alerts < average_triggered_alerts, "Below Average")
| search comparison!="Average"
| table date ss_name actual_triggered_alerts average_triggered_alerts
| rename date as "Date", ss_name as "Alert Name", actual_triggered_alerts as "Actual Triggered Alerts", average_triggered_alerts as "Average Triggered Alerts"