You cannot do it in the alert dialog so do it just like you are in SPL at the end and set your alert trigger to number of results and is greater than zero. This is more clear to the analysts anyway.

Can you write out some example data? I'm having a hard time coming up with a catch all answer for a few different cases I can think of that you might be talking about, and don't want to lead you down the wrong path!

Hi there -

Currently we don't support multiple fields in separate the same condition (e.g. you can do A>0 and A<10 but not A>0 and B>0).

The work around is to create a new single column that represents the underlying logic of the column combination e.g.

From original
index=XXXX sourcetype="XXX"
| where Field in("A")
| stats count avg(time) as A
| where A>2 and count>3 --condition1
| where Field in("B")
|stats count avg(time) as B
| where B>5 and count>10 --condition2

Change base search to something along the lines of:
index=XXXX sourcetype="XXX"
| eval a_or_b=case(Field in("A"), "A", Field in("B"), "B")
| stats count() as myCount, avg(time) as avg_time by a_or_b
| eval alert_a=case(a_or_b="A" AND avg_time>2 AND count>3, 1)
| eval alert_b=case(a_or_b="B" AND avg_time>5 AND count>10, 1)

In the UI....
Condition 1: alert_a = 1 --> actions
Condition 2: alert_b = 1--> actions

Also please feel free to email scs-alerts@splunk.com if you run into any additional trouble!