I have this search:
notable | where urgency="critical" | table _time source src dest user urgency | eval computer=coalesce(src,dest)

I want create alert to send email in each once appear new result, means I want send email in each once appear (new event) urgency=critical in incident review

please help me and support;

Tahnks