Hi @rahul2gupta,

in the Splunk Monitoring Console you can find the search you're searching for and you need only to choose the threshold you want and to enable it.

You con find it in the Splunk Monitoring Console Alerts.

If you don't find it, this is the search:

| rest splunk_server_group=dmc_group_license_master /services/licenser/pools 
| join type=outer stack_id splunk_server [
     rest splunk_server_group=dmc_group_license_master /services/licenser/groups 
     | search is_active=1 
     | eval stack_id=stack_ids 
     | fields splunk_server stack_id is_active
     ] 
| search is_active=1 
| fields splunk_server, stack_id, used_bytes 
| join type=outer stack_id splunk_server [
     rest splunk_server_group=dmc_group_license_master /services/licenser/stacks 
     | eval stack_id=title 
     | eval stack_quota=quota 
     | fields splunk_server stack_id stack_quota
     ] 
| stats sum(used_bytes) as used_bytes max(stack_quota) as stack_quota by splunk_server 
| eval usedGB=round(used_bytes/1024/1024/1024,3) 
| eval totalGB=round(stack_quota/1024/1024/1024,3) 
| eval percentage=round(usedGB / totalGB, 3)*100 
| fields splunk_server, percentage, usedGB, totalGB 
| where percentage > 90 
| rename splunk_server AS Instance, percentage AS "License quota used (%)", usedGB AS "License quota used (GB)", totalGB as "Total license quota (GB)"

Ciao.

Giuseppe