Try something like this:
1) Alert when there are 50+ jobs running
| rest /services/search/jobs|stats count |eval triggerer=(if( count>50,"ok","no"))|where triggerer="ok"|table triggerer
2) alert if a job is running more than an hour
| rest /services/search/jobs |where runDuration>1600
3) See searches per hour by user (i'm not yet able to let you see searches per hour )
| rest /services/search/jobs|chart values(custom.search) by author
SGF
