Hello,
I have an index with ALPR (license plate) data. I'd like to create a table, that shows unique plates detected within the last 24hrs, that were not previously detected within the last 30 days. I tried using the search below, however, it's not returning the desired results.
I think it's because I have not indicated which field to search on (in this case, it would be Plate).
Any help would be greatly appreciated. Thanks!
index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-1d latest=now NOT [search index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-30d latest=-1d] | table Plate Region Color Make Model Year
Your suspicion is correct. The subsearch needs to be more specific about what it returns.
index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-1d latest=now NOT
[ search index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-30d latest=-1d | fields Plate | format ]
| table Plate Region Color Make Model Year
Your suspicion is correct. The subsearch needs to be more specific about what it returns.
index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-1d latest=now NOT
[ search index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-30d latest=-1d | fields Plate | format ]
| table Plate Region Color Make Model Year
This worked great; thank you!