Aggregate/evaluate log matches over time period

[calebhailey]

User stories:

• Alert when the count (or total) of regex matches exceeds a threshold during a time period (e.g. if more than 10 aggregate log matches in 15 mins).

• Alert when the count (or total) of regex matches is below a threshold during a time period (e.g. if 10 aggregate log matches are expected in 30 mins and only 5 are observed).

Can we achieve this via a more robust state file (or state db via boltdb)?