Thanks for your immediate reply.................

in $filter they are using conditions like itime>= and itime<=......

select distinct split_part(split_part(cp.msg, 'src=',1),',',1),split_part(split_part(cp.msg, 'user=''',2),',',1) as user ,am.itime,am.dtime,am.url from "FGT60B3908669009-wlog-1380091698" am join "SYSLOG-C0A80A41-glog-1380347892" cp on cast(am.src...

Hi Friends,

replace('$filter', 'itime', 'am.itime')

Can any one help with replace command?

This statement is not getting replaced.

Thanks

Shobana