Hi Chaps,

Need some help to understand why the alert is not getting triggered. This alerts query, when executed over 7 days period gives nonzero counts of 6 i.e. greater than 5(Our condition is trigger alert when nonzero counts exceeds 5). I see that alert is not getting even though we have nonzero count is 6.When we checked scheduler log Email action is blank.i have pasted the screen shot for reference.Please help me in this regards.

Below is the query

sourcetype="*" LOG_MESSAGE="Retry*" "Collections.NCS" NOT LOG_MESSAGE="Retry #1 *" | timechart span=10m count | autoregress count p=1-5 | eval nonzero=if(count > 0, if(count_p1 > 0, if(count_p2 > 0, if(count_p3 > 0, if(count_p4 > 0, if(count_p5 > 0, 6, 5), 4), 3), 2), 1), 0) | fields _time, nonzero

i see the nonzero counts which exceeds  5.in below screen shot 

search query when we ran for over7 days of period

below is the scheduler log.i see alert_action is blank.

10-31-2020 08:10:07.566 +0000 INFO SavedSplunker - savedsearch_id="XXX;search; alert", search_type="", user="XXX", app="search", savedsearch_name="XXXX alert", priority=default, status=success, digest_mode=1, scheduled_time=1604131800, window_time=0, dispatch_time=1604131805, run_time=1.785, result_count=1015, alert_actions="", sid="scheduler__smadan__search__RMD5ab6a869ca92dbacc_at_1604131800_63960_638683B3-25D9-4D2A-AF2E-4E43362FDBFA", suppressed=0, thread_id="AlertNotifierWorker-0", workload_pool=""

Please find the alert condition: