We are trying to set an alert for a sub_A to trigger if no data is sent  in 1 hour duration.  The previous splunk expert wrote the search below, and i was under the impression to change the "+24h@h" to "1h@h" and "86400",  to 3600 would change the parameter of the alert.

| where now()>relative_time(LastFileXfer, "+24h@h")
| eval DaysOld=round((now() - round(LastFileXfer, 0))/86400, 2)

Does this need to be changed when saving the alert in menu section of the alert?

-----Thank you-----

------Search------

index=dart_index source=OPS_NIPR_DART_DMZ_IncomingOutgoing status_message="OK" earliest=-48h@h subscription_name IN ("Sub_A")
| eval DeliveryComplete=strptime(delivery_complete, "%Y-%m-%d %H:%M:%S")
| stats values(src_host) as Source, values(dest_host) as Destination, values(login_name) as DataOwner, values(host_name) as DartNode, values(xfer_type) as XferMethod, min(DeliveryComplete) as EarliestFileXfer, max(DeliveryComplete) as LastFileXfer by subscription_name
| where now()>relative_time(LastFileXfer, "+24h@h")
| eval DaysOld=round((now() - round(LastFileXfer, 0))/86400, 2)
| eval EarliestFileXfer=strftime(EarliestFileXfer, "%Y-%m-%d %H:%M:%S")
| eval LastFileXfer=strftime(LastFileXfer, "%Y-%m-%d %H:%M:%S")
| table subscription_name Source Destination DataOwner DartNode XferMethod EarliestFileXfer LastFileXfer DaysOld