I have the below working SPLUNK query which is being used to print the timechart. I would like to trigger an email alert on daily basis. I would like to use the same query for email alert on daily basis.

Problem : How can I access the count of each searchmatch in email notification?

I am trying to access the counts like below in Splunk alert:

'$name$' 

Status Value  :  Count

Approved : $result.string.Approved$
Declined   : $result.string.Decline$
Pending    : $result.string.Pending$
Review      : $result.string.Review$
Null            :$result.string.Null_Status$

ALL            :  $result.All$ (Should be sum of all above statues)

But it is not working.

Here is the Query:

index=dotcom sourcetype=dotcom_cc   "and applicationStatus value : *" OR "and applicationStatus value : D" OR "and applicationStatus value : R"  OR "and applicationStatus value : A" OR "and applicationStatus value : P" OR "and applicationStatus value : null"  | eval string=case(searchmatch("and applicationStatus value : D"), "Decline",  searchmatch("and applicationStatus value : R"), "Review",  searchmatch("and applicationStatus value : A"), "Approved",  searchmatch("and applicationStatus value : P"), "Pending",  searchmatch("and applicationStatus value : null"), "Null_Status") | timechart count by string