Something like the following should work:
index=ndx sourcetype=srctp ip=*
| stats min(_time) as early by ip
| where early>strptime("10/01/2022","%m/%d/%Y")
from User warren – Stack Overflow https://stackoverflow.com/questions/74533136/splunk-find-new-values-that-only-appear-after-a-certain-date/74535545#74535545