Relative time in query

Hello 

I have a few scheduled API calls that feed into my SIEM, At the moment mostly daily. 

To avoid feeding in duplicate date each day I have been trying to figure out how to filter the query results relative to the time the query is run. 

The goal is to run something similar to this:

WHERE unix_time >= now() - 1day
 or  
WHERE epoch >= now() - 1day

I've tried following a few different examples I've found online but whenever I try using any of the date/time functions (DATEDIFF, DATEADD, DATESUB, etc) or try converting now() to an epoch (CAST, CONVERT, etc) I get:
"Get result failed error code: 400, message: Failed to get QueryResults Bad Request"

Anyone have any ideas? 

Parents Reply Children
No Data