We have logs from multiple region, but only want to report those between respective regions working hours. Created following query which works fine when putting an absolute number, but doesn't filter by variables.       index=ovpm sourcetype=ovpm_global | search "Service Name" = "WSB EXPRESS" | eval region = case(substr(SYSTEMNAME, 1, 2) == "my", "AP", substr(SYSTEMNAME, 1, 2) == "cz", "EU", substr(SYSTEMNAME, 1, 2) == "us", "AM", true(), "Other") | eval regionStartHour = tonumber(case(substr(SYSTEMNAME, 1, 2) == "my", 0, substr(SYSTEMNAME, 1, 2) == "cz", 8, substr(SYSTEMNAME, 1, 2) == "us", 16, true(), 0)) | eval regionEndHour = tonumber(case(substr(SYSTEMNAME, 1, 2) == "my", 8, substr(SYSTEMNAME, 1, 2) == "cz", 16, substr(SYSTEMNAME, 1, 2) == "us", 24, true(), 0)) | eval hr = strftime(_time, "%H") | search hr>=regionStartHour AND hr<=regionEndHour         ... View more