Hi,
im currently trying to create a rule that checks if a match was also matched in the previous days to detect anomalies but I haven't been able to define two different timeframes in which to run the rule yet.
Example: the rule runs on the last 5 days, the only events that must generate the final match are those that in the days from -5 to -1 had never happened and from -1 to now have happened. so I will exclude the events that happened both today ( -1 to now ) and in the past days ( -5 to -1 ).
Thanks in advance.
Daniele.
