Performance Note: Smaller time windows are significantly faster to query. A
"PT1H" query scans far less data than a "P30D" query. Use the smallest window that effectively catches the pattern you’re looking for.
Time functions extract temporal components from the transaction’s timestamp field. They enable rules based on the time of day, day of the week, or other calendar-based patterns.
hour_of_day()
Signature: hour_of_day(<timestamp_field>)
Return Value: An integer from 0 to 23 representing the hour in UTC.
Description: Extracts the hour component from a timestamp. The primary use case is detecting transactions outside of normal business hours.
Example:
day_of_week()
Signature: day_of_week(<timestamp_field>)
Return Value: An integer from 0 (Sunday) to 6 (Saturday).
Description: Extracts the day of the week. Useful for detecting weekend activity on business accounts, or activity on holidays.
Special Feature: Also supports in with string day names: ("Sunday", "Saturday").
Example:
Complete Time Function Reference
The previous_transaction() Function
This is a powerful function for checking whether specific patterns exist in a user’s recent transaction history.
Signature:
Return Value: Boolean —
true if at least one matching previous transaction exists within the time window, false otherwise.
Description: Queries the transaction database for historical records that satisfy ALL of the match conditions within the specified within time window. This enables powerful sequential pattern detection: “block this transaction IF a previous transaction from the same source failed within the last hour.”
How $current.<field> works inside match: The string "$current.source" is resolved at runtime to the source field of the current transaction being evaluated. This allows you to find previous transactions from the same user, account, or device.
Example: Block After Previous Failure
true..png?fit=max&auto=format&n=0JF6z69u57hmqsWm&q=85&s=531373acedba0eb783b669f6d558dfd8)