Try like this

your base search ran with time-range for last two days (yesterday and day before yesterday) earliest=-2d@d latest=@d| eval day=strftime(_time,"%m/%d/%Y") | stats values(day) as days by user | where mvcount(days)=1  AND days=strftime(relative_time(now(),"-1d@d"),"%m/%d/%Y")