I have a dashboard for all SSL certifications. I'd like to set up a few alerts for renewal reminders from Splunk. My current query is as shown below:
index=epic_ehr source=C:\\logs\certs\\results.json
| search validdays<60 | table hostname, validdays, issuer, commonName
My custom trigger condition is: search validdays="*" AND count<273
When I run this I am seeing results, but no alert is triggered, nor do I receive any email. Please assist.
I was able to self-resolve this query! Thanks for taking a look.
@Khanu89 - Can you please specify the details of fields you have in your data? And also how you are writing the condition you mentioned? What is the count field in the condition?