I am new to Splunk and am trying to create a search that displays all emails that were sent 6 weeks after a specific date.
At the moment I lack the knowledge of how to filter the events by comparing two timestamps without losing the fields necessary for the following aggregation.
In pseudo SQL I would do something like this:
select ROUND(COUNT(*) / 6WEEKS) FROM MAIL as mail
JOIN Event as event ON event.ID = mail.ID where event.createdAt + 6WEEKS <= mail.createdAt;
Basically I am interested in the number of mails that reach me per day 6 weeks after a specific meetup took place. Does somebody have an idea?