By putting the trigger criteria in the search
<<your search>>
| where (DCOEtransfercount=1 AND NDNCopycount=1)
is also getting events irrespective of whether the value is 1/2/3 for both the DCOEtransfercount AND NDNCopycount. It seems that the where a condition is not working.

By changing "and" to "AND" in the trigger condition does not work. since I assume the table has multiple rows each for DCOEtransfercount & NDNCopycount. hence it is not working. how do those two conditions together make it work with different rows?

Changing "and" to "AND" is simply a syntactic fix since the logical operator must be uppercase so lowercase "and" would search for the string "and" in your results.

Anyway, your requirement seems a bit vague so it would be best if you shared (anonymized if needed) sample of output of your scheduled search and explained when you would like the alert triggered.

The trigger condition is 

DCOEtransfercount=1 AND NDNCopycount=1

Search query is

...
| append [search index="pd" "successful" "notif/output/"
  | stats count as DtransferCount by _raw 
  | fields DtransferCount 
  | rename _raw as Dtransfer] 
| append [search index="pd" "SBID=nr" "DM" "PAM=sende" "notif/archive/" 
  | stats count as DMCopyCount by _raw 
  | fields DMCopyCount
  | rename _raw as DMCopy]

Results are:

OK. So your options are:

1. Rework your search so that the results are aggregated into single event so that you can compare different fields within a single event or

2. Use something like |stats values in your condition search to "compress" the results and then compare aggregated fields.

Could you provide me with the query using option 2..

Something like

stats  values(*) as * | where DCOEtransfercount=1 AND NDNCopycount=1

as the alert condition.

Might need further tweaking if you expect multiple result rows in your original results.