Hi, 

I have onboarded data via DBConnect through Rising Column for which we have configured the Risinig Column value as RS_LAST_MAINTENANCE_TIMESTAMP which is the default Time field. But in the dashboard we have filtering the month wise apps count based on APPLICATION_CRT_DT which has no timestamp. Issue is if we search data for last 7 days, Jan month data is also populating as that particular app is created on Jan month and updating values in last 7 days.

so, written "where" condition like below which is not working in all cases(working only when searching since "date",applying epoc time for the below where condition and getting accurate results, but when searching for last 7 days or 24 hrs or all time, that parameter is passing as -7d@d and getting error as invalid). Kindly help on this

<input type="time" token="datefield"

<default>

<earliest>0</earliest>

<latest>now</latest>

<row>

<table>

<search>

<query>index=* source=tablename
|eval Total_Apps=if(match('Type',"NTB"),"1","0")

|eval Date=strptime(APPLICATION_CRT_DT,"%Y-%m-%d %H:%M:%S")

|where Date&gt;=$datefield.earliest$ OR Date&tl;=$datefield.latest$
|eval Mon-Year=strftime(strptime(APPLICATION_CRT_DT,"%Y-%m-%d %H:%M:%S"),%b-%Y)

|stats sum(Total_Apps) as "Total Apps" by Mon-Year