Forum Discussion
Solved
Materialize() and time ranges in analytics rules
Hi all, was looking for some clarification around this but wasn't able to find anything online that could confirm one way or another. If I want to use the materialize() function to cache 180d wor...
ReganDangerCarey You are correct in that you *cannot* cache 180days and use it in an Analytic rule. The Analytics rules actually ignore any sort of time reference in the query (i.e. | where TimeGenerated > ago(180d) ) so there is no way to specify you want to look more than 14 days in the past.
ReganDangerCarey You are correct in that you *cannot* cache 180days and use it in an Analytic rule. The Analytics rules actually ignore any sort of time reference in the query (i.e. | where TimeGenerated > ago(180d) ) so there is no way to specify you want to look more than 14 days in the past.
Tiander did a great webcast here: https://youtu.be/G6TIzJK8XBA?t=3152 the workaround for “14days use case” starts at 42min - it works but only if you really really need to use it.