SIEM & SOC fundamentals help

Continuing the discussion from SIEM & SOC fundamentals help:

User performing the action User added Group modified Action perrmed Action performed on @timestamp per week Count of records
Administrator S-1-5-21-1518138621-4282902758-752445584-1111 Administrators added-member-to-group PKI.eagle.local 2023-03-06 1

when i use this date, i have a wrong result.help me

Hello sir
Did you find this answer?

Does anyone have any answers for this question?

timestamp won’t work, you need to use the event.created filter and change the custom time range to 1 day, I think at least. Very unclear question.