I know this seems obvious. I'm searching 5 minutes back and alerting on the results every 1 minute, so there are 4 minutes of overlap on each search. But due to some internal issues the logs are not always indexed right on time, so I can't do a 1 minute search for a 1 minute alert or I would for sure miss stuff.
The alert is throttled to suppress triggering for 5 minutes, but this is missing alerts too. Is there any way for the alert to be aware of a previous alert result and make a dynamic allow list?
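Added example (not from the original post) that simulates the setup described above with constructed events: a 5-minute lookback run every minute, comparing the 5-minute throttle with a stateful list of already-alerted keys that expires entries once they can no longer fall inside the lookback window. The event keys, timestamps and helper names are assumptions made for the simulation.

```python
from dataclasses import dataclass, field
LOOKBACK = 300   # each run searches the last 5 minutes
CADENCE = 60     # one run per minute, so 4 minutes of overlap between runs
THROTTLE = 300   # current setup: suppress further triggers for 5 minutes after firing

@dataclass
class Event:
    key: str         # stable identifier (assumption: e.g. a hash of host + message)
    event_time: int  # when it happened (_time)
    index_time: int  # when it became searchable (_indextime); may lag for minutes

@dataclass
class AlertState:
    seen: dict = field(default_factory=dict)  # key -> run at which it was alerted
    last_fire: int = -THROTTLE                # far enough back that the first run may fire

def searchable(events, now):
    """What the search returns at `now`: inside the lookback AND already indexed."""
    return [e for e in events if now - LOOKBACK <= e.event_time <= now and e.index_time <= now]

def throttled_run(events, now, state):
    """Throttling: fire once, then stay silent for THROTTLE seconds whatever arrives."""
    hits = searchable(events, now)
    if not hits or now - state.last_fire < THROTTLE:
        return []
    state.last_fire = now
    return [e.key for e in hits]

def stateful_run(events, now, state):
    """Dynamic allow list: alert only on keys not alerted by an earlier run."""
    # Expire keys that can no longer fall inside the lookback window, so the list stays bounded.
    state.seen = {k: t for k, t in state.seen.items() if now - t <= LOOKBACK}
    new = [e for e in searchable(events, now) if e.key not in state.seen]
    for e in new:
        state.seen[e.key] = now
    return [e.key for e in new]

def simulate(strategy, events, runs):
    """Run `strategy` every CADENCE seconds; return {run_time: [alerted keys]} for runs that fired."""
    state, out = AlertState(), {}
    for now in range(CADENCE, CADENCE * (runs + 1), CADENCE):
        fired = strategy(events, now, state)
        if fired:
            out[now] = fired
    return out

# Constructed sample: "d" and "b" are indexed late (index_time well after event_time).
SAMPLE = [Event("a", 100, 110), Event("d", 115, 125), Event("c", 200, 205), Event("b", 130, 300)]

print("throttled:", simulate(throttled_run, SAMPLE, 8))  # "d" is never alerted
print("stateful: ", simulate(stateful_run, SAMPLE, 8))   # every key alerted exactly once
```

The throttled run silences "d" for its whole time in the window, so it is lost, while the stateful run alerts each key once even though "b" is indexed almost 3 minutes late.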