So I have search and I would like to exclude all of those results from some future searches. Aside from specifying some by NOT, which given the length of the first search would be questionable at best. Is there a way to make this exclusion in the backgrounmd not in search?
Here is the search:
search terms | eval TimeInHour=_time%3600
| rex mode=sed "s/ \d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}//g"
| stats first(_raw) by punct,TimeInHour,_raw,_time
| stats count by _raw,TimeInHour,punct
| addinfo| eval hours = round((info_max_time - info_min_time)/3600,0)
| where count > hours-1