Hi my code is as follows:

DESCRIPTION="* sump *" OR (DESCRIPTION="* ejector pump *" AND DESCRIPTION="* run/stop *") (VALUE="RUN" OR VALUE="STOP" OR VALUE="TRIP") ASSET_NAME="*TAM/*" | eval TIMEONLY =strptime(CREATEDATETIME ,"%d/%m/%Y %I:%M:%S %p") | eval _time=TIMEONLY
| rex field=VALUE mode=sed "s/TRIP/STOP/g" | rex field=DESCRIPTION mode=sed "s/Trip/Run\/Stop/g" | rex field=ASSET_NAME "^(?<LOCATION>[^/]+)"
| streamstats count(eval(VALUE="STOP")) AS TransactionID BY ASSET_NAME DESCRIPTION
| stats range(_time) AS duration list(VALUE) AS VALUES min(_time) AS _time BY TransactionID ASSET_NAME DESCRIPTION
| eval newfield=if(duration>=1800,1,null)
| sort by ASSET_NAME

part of result i get:

i would like to ask if there is a code which i can write so that under my description it can check that my Pumps are always working in alternating example 

STN DR Sump Pump 01 Run/Stop Status: DR Pump RM 01 

run and stop follow by 

STN DR Sump Pump 02 Run/Stop Status: DR Pump RM 01

then 

STN DR Sump Pump 01 Run/Stop Status: DR Pump RM 01

if there happen that the run/stop did not alternate it will have an alert or flag out abnormally or something