Thanks for your reply.

Compliance is the field which has all the values in it like compliant , non-Compliant etc.Here my requirement is to get the alert when compliant is < 95 % .

When use Compliance =Compliant then, it will have total of all the 4 values in Compliance rit .I need for Compliant alone in Compliance field .

Please suggest me way mayurr98.

No, when you write Compliance="Complaint" before the stats command it will have only one value called Compliant in that case you need to set custom trigger condition as

search count<95

If you have 4 values in the Compliance field then you need to set custom trigger condition as

search Compliance="Complaint" AND count<95

HI Thank you.It works

Can you help me with this code ,
index=demo |eval name=lower(name)|fillnull value=Null|search eligibility="" Appliance="" |stats count by Compliance| eventstats sum(count) as perc | eval perc=round(count*100/perc,2)

I get output like below,
Compliance count perc(in %)
False 8 30.77
Missing 5 19.23
True 13 50.00

Here i need to take false if it goes above 50 % OR True if it goes below 50 % in custom alert

Please help me in it mayurr98

so your trigger condition should be

 search (Compliance="False" AND perc>50) OR (Compliance="True" AND perc<50)

I am not getting the alert triggered.I tried with one condition too.

put this at the end of your search

index=demo |eval name=lower(name)|fillnull value=Null|search eligibility="" Appliance="" |stats count by Compliance| eventstats sum(count) as perc | eval perc=round(count*100/perc,2) | search (Compliance="False" AND perc>50) OR (Compliance="True" AND perc<50)

And see if you are getting results.
If yes then save this search as an alert and leave trigger condition as default.