| makeresults 
| eval _raw="job   job_name  time job_result
abc   abc_job   14:20 Failure
def   def_job   15:30 Failure
ghi   ghi_job   12:22 Failure
annc  annc_job  14:20 Failure
defff defff_job 15:30 Failure
ghhhi ghhhi_job 12:22 Failure
abc   abc_job   14:20 Success
def   def_job   15:30 Failure
ghi   ghi_job   12:22 Failure
annc  annc_job  14:20 Failure
defff defff_job 15:30 Failure
ghhhi ghhhi_job 12:22 Failure"
| multikv forceheader=1 
| table job job_name time job_result
| streamstats reset_on_change=t count(eval(job_result="Failure")) as fail_count by job_result
| eventstats max(fail_count) as alert_count

Hi, @manish_singh_777
this is sample code.

your_search
| table job job_name time job_result
| streamstats reset_on_change=t count(eval(job_result="Failure")) as fail_count by job_result
| eventstats max(fail_count) as alert_count

alert_count > 5, fire alert.