The easiest and most efficient way to do this is with the Machine Learning Toolkit app. you would select "Detect Numeric Outliers" and then you would write your base search simply as:
sourcetype=xxx (src_port > 49000 AND src_port < 65535), and then select the fields you would like to conduct outlier detection on.
See the screenshot below. You can write normal Splunk alerts from there on the results. That would definitely be the easiest and most efficient. It has all your needed functionality built-in.
... View more