Hello, I am trying to create a search query like so:
Search for specific terms (searchterm#1 AND NOT completed successfully) in a list of sources over the last 4 hours (earliest=-4h). For each source that's returned, complete a metadata search to find if the lastTime (most recent event update) for any source is more than a set threshold (say 300 seconds) and return the result as an array of "source:lastUpdate".
Is the above possible? (I think I can get each one individually, but not together.)
Thanks in advance!