If you are using the monitoring console or have it as a search peer, try the below:
index=audit action="alertfired" AND host=YOURDMC
| eval severity=case(severity==1,"debug", severity==2, "info", severity==3,"warning", severity==4,"error",severity=5,"severe",severity==6,"fatal")
| rename ssapp as monitoringapp
| table ssname, severity, timestamp, monitoring_app
You can then create a dashbaord from this as well as an email action that has the table above inline.