This recipe revolved around a simple search that looked for purchase events that included more than 10 items or where the total value of the purchase was greater than $3000. This might be considered abnormal in an environment where typical purchases involve two items and the total value is less than $1000. Simplicity aside, it served to illustrate how a per-result type of alert functions. Essentially, as soon as a matching result is detected, the alert is triggered. The search runs over All time, in real time, just waiting and watching for a matching event to come in. There was no throttling enabled, so if five matching events were to come in, then the alert will be triggered five times. A per-result type of alert would not ...