Has anyone successfully created a query for a certain timeframe (e.g. the last 3 hours, 3 days, ...) using the API?
My first try was to define a query expression like "SELECT sourceIP, startTime from events where sourceIP like '192.168.0.%' and startTime >= 1".
There are at least two issues here:
1. startTime works with Unix timestamps (not the best solution).
2. A dynamic timeframe is not possible, e.g. I'd like every API call to return events for the last 3 hours.
I also tried to use the time parameters for the api_client.create_search(query_expression, id, time_x, time_y) but it didn't work either.
In addition, every API call returned only results for the last 60s, which is the default timeframe for this API call.
Any suggestions or solutions from your side?