Dear Splunkers, I have a flow of events and need to perform alarm when some value, e.g. metricValue is greater than threshold and set state level and last level fields to be calculated following way: first event or value is less than threshold = stateLevel=0 => value greater than threshold state level = lastLevel+1 and till max level (custom value provided by Client)  => value less than threshold > stateLevel = lastLevel -1.
with my current search lastLevel is always not greater than 1, stateLevel is not greater than 2.   

I have a question on what's wrong with my eval command:
maxLevel = 3
| streamstats current=f window=1 last(dl_dmax) as lastDmax, last(stateLevel) as lastStateLevel by _time
| eval stateLevel = if(isnull(lastStateLevel), 0, lastStateLevel)
| eval lastLevel = if(lastDmax>threshold, case(stateLevel<maxLevel, stateLevel+1, stateLevel==maxLevel, maxLevel), case(stateLevel!=0, stateLevel-1, stateLevel=0, 0))
| eval stateLevel = if(metricValue>threshold, case(lastLevel<maxLevel, lastLevel+1, lastLevel==maxLevel, maxLevel), case(lastLevel!=0, lastLevel-1, lastLevel=0, 0))
| table  threshold, metricValue, maxLevel, alertLevel, clearLevel, lastLevel, stateLevel