Thanks @jacobpevans! Being a rookie at this I'm not sure how this would be applied to the alert search so that it actually fires. Would the "eval" act as the conditional statement that once met would then trigger the actions when true?
index=x |eval eval Matched_Conditions = "",
Matched_Conditions = if ( condition1...etc
| fields source, eventID, eventTime, Matched_Conditions
etc?
... View more