Hello, I installed the application. It seems to suffer the same defect as my query: it returns statistic rows, not events. How can I attach an alert to it?

This works for me. Replace the zero with your desired interval.

| metadata type=hosts index=_internal | where (now()-recentTime)>0 | fieldformat recentTime=strftime(recentTime,"%Y-%m-%d %H:%M:%S") | table host recentTime

@richgalloway I didn't try your query but it seems to not respond to my question. I need a query that returns search events. Yours just return results in a table. Thanks

If you want to create an alert for hosts with too old of a recentTime value, use the query I offered and set the alert to trigger if the number of events is not zero.
If you just want the events themselves then omit the table command.

@richgalloway The query you wrote is very similar to the one I wrote and that led me to open this question. Our query does not return events. It is not possible to attach any alert to it. It return results, not events. Alerts are based on events. The alert you suggest will never trigger. Is it clearer now?

I was able to create an alert using the above query. The key seemed to be setting the trigger to be "Number of Hosts" greater than zero rather than "Number of results".
Notice Splunk uses the term "results" rather than "events" in the trigger definition.

I tried "Number of hosts" with no success