Try something like this
index=* [search index=* earliest=-5m@m status=transactioncomplete | stats count txnId | fields - count] | transaction txnId startswith="status=transactionstart" endswith="status=transactionend" keepevicted=false | table txnId duration
Setup alert based on the results.
