You notice that some Slack Securlet policies with a single rule can only look for matches within a one Slack message, whereas some compound policies can match on multiple message. For instance, if you have a data identifier policy with keyword validator, both the keyword and the DI has to be found with in a single message to trigger the DLP incident. However, if you create a policy with a keyword rule AND a data identifer rule, it can then trigger when the keyword and the DI are found in multiple consecutive messages.
This is because each slack message is an considered an independent attachment/component. Multiple Slack messages can be batched together as a single DLP request to scan their content inspection, but when the policy is set to look for matches of the same component, it will only look for matches within each message/component. Please see the techdoc Configuring compound rules for more detail. However, if you have a policy that has multiple rules (compound rules), the policy can match across different components (see cross-component matching for more detail). For Data identifiers with a validator, such as keywords, it is implied that the keywords must exist in the same component to match the policy.
If you want your policy to be able to trigger when the keyword and the DI are found in multiple messages sent within a short timeframe, then instead of using validator keyword, you should consider break the rule into a keyword rule and a DI rule and set the component to ANY. For messages that are not sent to DLP in one request, for example, the messages are sent some time aprart from each, they will not be scanned by DLP in batches.