You can try this search to get last run of that alert before it disabled:
index=_internal sourcetype=scheduler | stats latest(_time) as last_event by savedsearch_name | eval last_run=tostring(now()-last_event,"duration") | eval last_event=strftime(last_event, "%Y-%m-%d %H:%M:%S")
