Splunk Enterprise

Maps may lose statistical results

jiaminyun
Path Finder
There has been a problem with the implementation of a requirement. Previously, using a map resulted in the loss of statistical results. Is there a better solution? For example, if the start date is T0, the end date is TD, the cycle is N days, and the trigger count is M days, the system should calculate whether each user has accessed the same sensitive account more than M times continuously within T0 to T0+N days, and then calculate the number of visits from T1 to T0+1+N days, T0+2 to T0+2+N days, ... T0+D to T0+D+N days (each user who accesses the same sensitive account multiple times in a day is recorded as 1 time, and counts do not accumulate between different users). How to implement this using SPL?

jiaminyun
Path Finder

1


ITWhisperer
SplunkTrust

I am not entirely clear on your requirement.

Let's assume for argument's sake that M is 4 and N is 6. If a user accesses the same account for sensitive information for 5 days in a row, does that count as 1 visit for all 5 days or only for days 4 and 5? And does it only count if at least 4 of the days are in the sliding window of 6 days, or when any of the 5 days are in the 6-day window?


jiaminyun
Path Finder
Assuming M is 4 times (M represents the number of times the user accesses; assume the same account is accessed multiple times per day) and N is 6 days (i.e. the period; assuming the data starts from the 1st, it outputs a result on the 6th day, outputs a result on the 7th day, and so on): if the user accesses the same account for 5 consecutive days, it is counted as 5 times. Sliding is 6N+1N until the end.

ITWhisperer
SplunkTrust

So, what would your expected output look like in this instance?


jiaminyun
Path Finder
The expected output is: assuming the start time is from January 1st, 2025 to January 6th, 2025, output the earliest access time and latest access end time of the user, the username, department, and the number of times the account has been accessed. So the second output, from January 2, 2025 to January 7, 2025: the earliest access time and latest access end time of the user, the username, department, and the number of times the account has been accessed. The following results follow this pattern...

ITWhisperer
SplunkTrust

OK, let's suppose M is 4 and N is 10, so a user could have two periods of continuous access of 4 days each within the 10 day period. What would the output look like then?

Or is it that M*2 > N is always true?


jiaminyun
Path Finder
Assuming the data starts from January 10, 2025 to January 22, N is 10, M is 4 times. If a user has accessed the same account every day in the first 4 days within the past 10 days, the following will be returned. So the latest alarm output will be on January 15th:

The start time is January 6th, the end time is January 15th, and the access account is: xxxxxx01, the number of visits is 5
The start time is January 7th, the end time is January 16th, and the access account is: xxxxxx01, the number of visits is 5
The start time is January 8th, the end time is January 17th, and the access account is: xxxxxx01, the number of visits is 5
The start time is January 9th, the end time is January 18th, and the access account is: xxxxxx01, the number of visits is 5
The start time is January 10th, the end time is January 10th, and the access account is: xxxxxx01, the number of visits is 5

Why didn't it sound an alarm afterwards? Because if the condition of M greater than 4 is not met on January 11th, it will be filtered directly and no records will be generated:

The start time is January 11th, the end time is January 10th, and the access account is: xxxxxx01, the number of visits is 4

ITWhisperer
SplunkTrust

Please explain why the number of visits is 5 when the user has only accessed the account for the first 4 days (presumably 10th, 11th, 12th and 13th)?


jiaminyun
Path Finder
Because your condition is that M is 4, I will sound an alarm when the user accesses the same account more than 4 times in a row.

ITWhisperer
SplunkTrust

OK so the number of "visits" is because the 10 day periods 6-15, 7-16, 8-17, 9-18 and 10-19 all contain the same period of 4 consecutive visits (10, 11, 12 and 13)?


jiaminyun
Path Finder
Yes. What I want to achieve is to count the alarm results for every first 7 days plus 1 day.

ITWhisperer
SplunkTrust

OK so what would you get if there were two periods of 4 consecutive days (10, 11, 12 and 13, and 16, 17, 18 and 19)?


jiaminyun
Path Finder
If the same person and department access the same account for 2 consecutive 4-day periods, they will receive:
Start time: 5, End time: 14, Name, Department, Account, Number of occurrences: 4
Start time: 6, end time: 15, name, department, account number: 4
Start time: 7, end time: 16, name, department, account number: 5
Start time: 8, end time: 17, name, department, account number: 6
Start time: 9, end time: 18, name, department, account number: 7
Start time: 10, end time: 19, name, department, account number: 8
Start time: 11, end time: 20, name, department, account number: 7
Start time: 12, end time: 21, name, department, account number: 6
Start time: 13, end time: 22, name, department, account number: 5
Start time: 14, end time: 22, name, department, account number: 4
Start time: 15, end time: 23, name, department, account number: 4
Start time: 16, end time: 24, name, department, account number: 4
Because our data is collected today and yesterday, according to what you said, 10 is the cycle (N) and 4 is the number of days (M) (also the number of times, because the same person or department accessing one account on the same day is recorded as 1 day).

ITWhisperer
SplunkTrust

Why is 

Start time: 7, end time: 16, name, department, account number: 5

when you don't know on the 16th that this is the start of another set of 4 consecutive accesses?

What would you get if it was accessed on 10, 11, 12, 13, 16, 18, 19, 20, 21?


jiaminyun
Path Finder
If we follow the cycle of 10 as you said (N) and 4 as the number of days (M) (which is also the number of times, because the same person or department accessing an account on the same day is recorded as 1 day): assuming that in the first 10 days of today, the same person and department accessed an account on the same day, the number of visits per day is counted as 1, and the final value is greater than 4. To achieve this, if I enlarge the time interval, I will append the results of each 10-day period separately.

ITWhisperer
SplunkTrust
Date       | Accessed | 14/01/2025 | 15/01/2025 | 16/01/2025 | 17/01/2025 | 18/01/2025 | 19/01/2025 | 20/01/2025 | 21/01/2025 | 22/01/2025
05/01/2025 |          |            |            |            |            |            |            |            |            |
06/01/2025 |          |            |            |            |            |            |            |            |            |
07/01/2025 |          |            |            |            |            |            |            |            |            |
08/01/2025 |          |            |            |            |            |            |            |            |            |
09/01/2025 |          |            |            |            |            |            |            |            |            |
10/01/2025 | x        |            |            |            |            |            |            |            |            |
11/01/2025 | x        |            |            |            |            |            |            |            |            |
12/01/2025 | x        |            |            |            |            |            |            |            |            |
13/01/2025 | x        |            |            |            |            |            |            |            |            |
14/01/2025 |          |            |            |            |            |            |            |            |            |
15/01/2025 |          |            |            |            |            |            |            |            |            |
16/01/2025 | x        |            |            |            |            |            |            |            |            |
17/01/2025 |          |            |            |            |            |            |            |            |            |
18/01/2025 | x        |            |            |            |            |            |            |            |            |
19/01/2025 | x        |            |            |            |            |            |            |            |            |
20/01/2025 | x        |            |            |            |            |            |            |            |            |
21/01/2025 | x        |            |            |            |            |            |            |            |            |
22/01/2025 |          |            |            |            |            |            |            |            |            |

Here is a simple table with dates and whether the user has accessed the account (marked with an 'x').

Across the top are the dates on which the report is run, each looking back 10 days including the day the report is run.

What do you expect the count to be for each of those days?

Do you expect a single count at the end for the whole period?

What does that count represent and why?

Please fill in all the detail.

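The table above is really asking which of two readings of M is meant: M distinct access days inside the N-day window (the poster's "number of visits"), or a run of M consecutive days inside it. The following is an added reference model (Python rather than SPL, and not code from either participant) that applies both readings to exactly the 'x' marks in the table, so the expected number for each report date can be pinned down before the search is written. The events, the user and department names ("alice", "bob", "finance"), the second user and the report dates are constructed for the example; N=10 and M=4 follow the thread.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample events (not real log data). Each tuple is one access event:
# (day, user, department, account). alice's days on xxxxxx01 mirror the 'x'
# marks in the table above: 10, 11, 12, 13, 16, 18, 19, 20, 21 January 2025.
# Two of the days carry duplicate events to show that a day is counted once.
SAMPLE_EVENTS = [
    (date(2025, 1, 10), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 10), "alice", "finance", "xxxxxx01"),  # same day twice: still 1 day
    (date(2025, 1, 11), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 12), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 13), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 16), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 18), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 19), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 20), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 21), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 21), "alice", "finance", "xxxxxx01"),
    (date(2025, 1, 14), "bob", "finance", "xxxxxx01"),    # other user: never merged with alice
    (date(2025, 1, 15), "bob", "finance", "xxxxxx01"),
]

# Report run dates 14/01 .. 22/01, the columns of the table above.
REPORT_DATES = [date(2025, 1, d) for d in range(14, 23)]


def access_days(events):
    """Collapse events to the set of distinct calendar days per (user, department, account).
    This is the 'several accesses in one day count as one' rule."""
    days = defaultdict(set)
    for day, user, dept, account in events:
        days[(user, dept, account)].add(day)
    return days


def longest_run(days_in_window):
    """Length of the longest run of consecutive calendar days in a set of dates."""
    best = run = 0
    prev = None
    for d in sorted(days_in_window):
        run = run + 1 if prev is not None and (d - prev).days == 1 else 1
        best = max(best, run)
        prev = d
    return best


def sliding_windows(days_by_key, report_dates, n_days):
    """One row per (key, report date): the n_days window ending on the report date,
    the number of distinct access days in it, and the longest consecutive run in it."""
    rows = []
    for end in report_dates:
        start = end - timedelta(days=n_days - 1)
        for key, dset in sorted(days_by_key.items()):
            in_window = {d for d in dset if start <= d <= end}
            if in_window:
                rows.append((key, start, end, len(in_window), longest_run(in_window)))
    return rows


def alerts(rows, m_days, consecutive):
    """Keep the windows that reach M. With consecutive=False, M is the number of distinct
    access days in the window; with consecutive=True it is the longest run of back-to-back
    days. The threshold is >= M (assumption: the thread alternates between 'more than'
    and 'at least', so change to > M if the former is intended)."""
    idx = 4 if consecutive else 3
    return [r for r in rows if r[idx] >= m_days]


def window_lookup(rows, user, dept, account):
    """Map report date -> (distinct days, longest run) for one (user, department, account)."""
    return {end: (n, run) for key, _s, end, n, run in rows if key == (user, dept, account)}


if __name__ == "__main__":
    rows = sliding_windows(access_days(SAMPLE_EVENTS), REPORT_DATES, n_days=10)
    print("user    dept     account   window             days  longest_run")
    for (user, dept, account), start, end, n, run in rows:
        print(f"{user:<7} {dept:<8} {account:<9} {start:%d/%m}..{end:%d/%m/%Y}  {n:>3}  {run:>3}")
    print("\nWindows that alert with M=4, counting distinct days:")
    for (user, _d, account), start, end, n, _r in alerts(rows, 4, consecutive=False):
        print(f"  {user} {account} {start:%d/%m}..{end:%d/%m}: {n} days")
    print("Windows that alert with M=4, requiring 4 consecutive days:")
    for (user, _d, account), start, end, _n, run in alerts(rows, 4, consecutive=True):
        print(f"  {user} {account} {start:%d/%m}..{end:%d/%m}: run of {run}")
```

Under the "distinct days" reading every alice window from 14/01 to 22/01 alerts (counts 4, 4, 5, 5, 6, 7, 7, 7, 6); under the "consecutive days" reading the 20/01 window (11/01..20/01) does not, because it holds only 11-13 and 18-20, two runs of 3. bob, with two days, never alerts under either reading, and alice's duplicate same-day events change nothing. The per-day collapse in access_days is the part that, in SPL, corresponds to bucketing _time by day and taking one row per user, department, account and day before any window arithmetic; the table's column-per-report-date layout is what the sliding window produces, one row per report date rather than one total at the end.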