@dude49, you would need a field or value that gives you the hire/start date and then format and eval the value to look for the last 30 days. Something like the below:
|eval StartDay=floor(hire_date/86400)
|eval curDay=floor(now()/86400)
|eval window=(curDay - StartDay)
|where (window < 30)
Reference: https://docs.splunk.com/Documentation/SCS/current/SearchReference/DateandTimeFunctions
Red Hat 8.10 or 9.2 are not supported as of yet; however, you can try an install based on the older kernel version "4.18.0-477.27.1.el8_8.x86_64" that is supported. I have had some luck before by using the older kernel with an updated system, but know that it's not supported. **There may be some bugs that haven't been tested yet by doing this, but it will allow you to install.
Hi nyoung,
Many thanks for dealing with my problem so much.
I ran the search string you've written:
" | metadata type=sources index=sambaresultindex | search source=*GDSNightlyStagingSIT_* "
but it didn't retrieve anything.
Then I removed the SIT_ suffix to check if installation results files are retrieved. They were also not retrieved.
Then I changed index to newsambalogindex and tried again with this search string (to check if installation log files are retrieved):
" | metadata type=sources index=newsambalogindex | search source=*GDSNightlyStaging* "
This search retrieved all installation log files but the test result files didn't appear again.
Then I tried to retrieve only the test result files:
" | metadata type=sources index=newsambalogindex | search source=*GDSNightlyStagingSIT_* "
and this also didn't retrieve anything - of course.
What am I doing wrong?
In my recent case,
I just used the simple evals and took when they entered work to when they left work, so (last - first).
|eval time=strftime(_time,"%c"), date=strftime(_time,"%x")
|streamstats earliest(_time) as "first" latest(_time) as "last" by date
|eval total=(last-first)
|eval hours=round(total/3600,2)
|stats max(hours) by date "Full Name"
The pass4SymmKey is encrypted using splunk.secret, so you're likely copying an encrypted pass4SymmKey to hosts with different splunk.secret files.
Do you know what the plain text pass4SymmKey was set to on the License Master (LM)? If not, you can just set a new pass4SymmKey on the LM in plain text, restart it, (it'll encrypt automatically after restart), and use the same plain text pass4SymmKey/restart process on the other LM slaves.