I'm trying to generate a list of users whose accounts will expire within 30 days of today's date.
I first download the Active Directory users to a CSV lookup table using ldapsearch. Then I turn the `account expires` field into epoch time and run the following search commands. I can't accurately get the accounts that expire in 30 days. I tested the epoch time using an epoch time converter, which tested fine. Here are the commands I've tested.
```
| inputlookup AGSEC_Users
| eval AccountExpiryEpoch=strptime(accountExpires,"%Y-%m-%dT%H:%M:%SZ")
| eval DaysLeft = (now() - AccountExpiryEpoch)/86400
| where DaysLeft<=30
| table displayName, sAMAccountName, accountExpires, AccountExpiryEpoch
```
Or I've tested this:
```
| inputlookup AGSEC_Users
| eval AccountExpiryEpoch=strptime(accountExpires,"%Y-%m-%dT%H:%M:%SZ")
| where AccountExpiryEpoch < relative_time(now(),"-30d@d")
| table displayName, sAMAccountName, accountExpires, AccountExpiryEpoch
```
Both return results, but not the accounts that will expire within 30 days.
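An added example, not part of the original post: a search that keeps only accounts whose expiry falls between now and 30 days from now. In the first search above, `now() - AccountExpiryEpoch` is negative for every future expiry, so `DaysLeft<=30` matches all of them; the second compares against a point 30 days in the past. This version reuses the lookup and field names from the post and assumes `accountExpires` is stored in the ISO format shown there.

```spl
| inputlookup AGSEC_Users
| eval AccountExpiryEpoch=strptime(accountExpires, "%Y-%m-%dT%H:%M:%SZ")
| where AccountExpiryEpoch >= now() AND AccountExpiryEpoch <= relative_time(now(), "+30d")
| eval DaysLeft=round((AccountExpiryEpoch - now()) / 86400, 1)
| sort 0 AccountExpiryEpoch
| table displayName, sAMAccountName, accountExpires, AccountExpiryEpoch, DaysLeft
```

Rows whose `accountExpires` value does not match the format string get a null `AccountExpiryEpoch` and are dropped by the `where` clause, so accounts without a parseable expiry date do not appear in the report.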