Please Help !!!!
I am trying to create an SPL query to count events for the past 45 days from the start date, the 15th of each month; so, for instance, January 15 through the past 45 days.
index=okta earliest=-45d@d latest="1/15/2019:24:00:00"
| stats min(_time) as lt max(_time) as ft dc(targets{}.login) as unique_user_count
| convert ctime(lt) as start_time
| convert ctime(ft) as end_time
| table start_time,end_time,unique_user_count
| append
[ search index=okta earliest=-45d@d latest="12/15/2018:24:00:00"
| stats min(_time) as lt max(_time) as ft dc(targets{}.login) as unique_user_count
| convert ctime(lt) as start_time
| convert ctime(ft) as end_time
| table start_time,end_time,unique_user_count
]
I'm trying to avoid hardcoding the latest time.
earliest=-45d@d does not calculate the correct date from latest="1/15/2019:24:00:00". It's showing Dec 7 instead of Dec 2.
start_time duplicated data from the first row.
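An added example, not part of the original post: a relative `earliest` such as `-45d@d` is evaluated against the time the search runs, not against `latest`, so one way to anchor the window is to compute both bounds as epoch values in a subsearch and hand them back with `return`. The field name `anchor` is a name chosen for this sketch; the index, field and output names are taken from the post.

```spl
index=okta
    [| makeresults
     | eval anchor=relative_time(now(), "@mon+15d")
     | eval latest=if(anchor > now(), relative_time(now(), "-1mon@mon+15d"), anchor)
     | eval earliest=relative_time(latest, "-45d")
     | return earliest latest ]
| stats min(_time) as lt max(_time) as ft dc(targets{}.login) as unique_user_count
| convert ctime(lt) as start_time
| convert ctime(ft) as end_time
| table start_time,end_time,unique_user_count
| append
    [ search index=okta
        [| makeresults
         | eval anchor=relative_time(now(), "@mon+15d")
         | eval latest=if(anchor > now(), relative_time(now(), "-1mon@mon+15d"), anchor)
         | eval latest=relative_time(latest, "-1mon")
         | eval earliest=relative_time(latest, "-45d")
         | return earliest latest ]
    | stats min(_time) as lt max(_time) as ft dc(targets{}.login) as unique_user_count
    | convert ctime(lt) as start_time
    | convert ctime(ft) as end_time
    | table start_time,end_time,unique_user_count ]
```

`@mon+15d` is midnight at the end of the 15th, the same instant as the post's `:24:00:00` bound, and the `if` falls back to the previous month when this month's 15th has not finished yet. The appended branch shifts the same anchor back one month, so each row gets its own 45-day window.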