Hey guys, I'm new to Splunk and I really need ur help!!!
What I wanna do is to find out the most recent event and see the gap between the time of the event and now. If the gap is greater than 10 minutes, the alert is triggered. So I had a search string like this:

index=palink  
| stats max(_time) as LatestTime 
| eval Gap=(time()-LatestTime)  
| where Gap>600
| convert timeformat="%Y-%m-%d %H:%M:%S" ctime(LatestTime) 
| eval dtime=strftime(Gap,"%M:%S") 
| table LatestTime dtime

It worked well in search so I saved it as alert with following setting:

Title:         palink_alert
Alert type:     Scheduled
Time Range:    Run on Cron Schedule
Earliest:     @d+1h
Latest:     now
Cron Expression:    * /5 * * * *
Trigger condition:    Number of Results
Trigger if number of results:    is Greater than         0

When the gap is greater than 10 minutes, I can see the results if I click Open in Search. However, in the alert page it says "There are no fired events for this alert." How do I fix this problem?

Update:
It shows alerts when I make Alert Type=Real Time. But it shows nothing on search and alerts even it should not be triggered. I set as following:

Title:    pa_test
Alert type:     Real Time
Trigger condition:    Per-Result

So I tried to set as:

Title:    pa_test
Alert type:    Real Time
Trigger condition:    Number of Results
Number of results is:   Greater than    0
in:   1    minute(s)

And then it says "In handler 'savedsearch': windowed real-time per result alerts require field based alert throttling to be enabled." What should I do now?