I'm planning to write a detection rule to monitor a log source. I want to be notified when the log feed stops and no logs are being received

!--scriptorstartfragment-->

  events:

    $e.metadata.vendor_name = string

    $e.metadata.event_timestamp = int

  condition:

    not any $e where

      $e.metadata.vendor_name == "Crowdstrike" and

      $e.metadata.event_timestamp > now() - 1800

!--scriptorendfragment-->

}


Here getting errors on the - not any $e where