Unique events from last 24hrs, that have not occured within the last 30days

Hello, I have an index with ALPR (license plate) data. I'd like to create a table, that shows unique plates detected within the last 24hrs, that were not previously detected within the last 30 days. I tried using the search below, however its not returning the desired results. I think its because I have not indicated which field to search on (in this case, it would be Plate). Any help would be greatly appreciated. Thanks! index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-1d latest=now NOT [search index="alpr_logs" source="http:openalpr" Is_Parked=False earliest=-30d latest=-1d] | table Plate Region Color Make Model Year