HI I have a problem.

I have a NAS that have a mail folder to store Devices' configuration file.
Each device will have a separate directory to its configuration.
A configuration commit in the device will automatically save a new copy in own folder and each day a copy will automatically generate at specific time, for example, 12:00am.

I want to use splunk to figure out change of the configuration

I could use diff and head to pull out last 5 configuration and diff on it.
but boss want to add an additional comparison whcih compare to the last file one day ago.

sourcetype="deviceconfig" host="switch1" latest_time=now | head 5 | diff position1=1 position2=2 
| append [ search sourcetype="deviceconfig" host="switch1" latest_time=now | head 5 | diff position1=2 position2=3 ] 
| append [ search sourcetype="deviceconfig" host="switch1" latest_time=now | head 5 | diff position1=3 position2=4 ] 
| append [ search sourcetype="deviceconfig" host="switch1" latest_time=now | head 5 | diff position1=4 position2=5 ] 
| rex  "@@\s*(?<para1> [+-]?\d*,\d*\s*[+-]?\d*,\d*)\s*@@" max_match=50 | rex max_match=100 "(?<para2>\n[+-][ a-zA-Z0-9].*)" | rex "hostname\s*(?<host_name>\w*)" 
| eval count=mvcount(para1)|table _time host count para2 

Do anyone know how I could check against the configuration file one day ago ?
Or I should say How I can find the last event one day ago?