That's a pretty straightforward query in Splunk. However, do you have the equivalent to "ps -ef" logged in Splunk? If not, then the alert won't work.
Another option is to create a scripted input that executes that CLI command and logs the result in Splunk. Then you can alert on it.
If this reply helps you, Karma would be appreciated.