Hi,

I am trying to change the EPOCH value in search having where clause in datamodel using variable but not working  so please help as i have tried different options but didn't work.

from datamodel=Qualys_prod_ext.Qualys_prod where (nodename = Qualys_prod) Qualys_prod.QID=* Qualys_prod.IP=* Qualys_prod.owner="SRE-DIS-ECO-FEA" Qualys_prod.managed=* Qualys_prod.sev="*" Qualys_prod.LAST_FOUND_DATETIME_EPOCH <1600411282 AND Qualys_prod.LAST_FOUND_DATETIME_EPOCH > 1596808800 groupby Qualys_prod.IP, Qualys_prod.signature, Qualys_prod.owner, Qualys_prod.QID, Qualys_prod.CVSS_CUSTOM, Qualys_prod.FIRST_FOUND_DATETIME|search Qualys_prod.STATUS=* NOT Qualys_prod.STATUS=FIXED

so want to change from Qualys_prod.LAST_FOUND_DATETIME_EPOCH < 1600411282 to Qualys_prod.LAST_FOUND_DATETIME_EPOCH < epochtime variable but having where clause error. I have defined the variable like

| eval epochtime=now()

but didn't help