Hi,

I am using the below query to get the logs of the status of App_State, Node_State & Sync_State:

index=abc host=xyz | rex field=_raw "(?ms)Host\s+Id\s:(?<Host_ID>\d+)" | rex field=_raw "(?ms)Host\s+Name\s:\s(?<Host_Name>\w+)" | rex field=_raw "(?ms)Host\s+Status\s:\s(?<Host_Status>[\w+\s]+)\sNode" | rex field=_raw "(?ms)Node\s+Id\s:(?<Node_ID>\d+)" | rex field=_raw "(?ms)Node\s+Name\s:\s(?<Node_Name>\w+)" | rex field=_raw "(?ms)Node\s+State\s:\s(?<Node_State>[\w\s]+\w)\s+App" | rex field=_raw "(?ms)App\s+Id\s:(?<App_ID>\d+)" | rex field=_raw "(?ms)Label\s+Name\s:\s(?<App_Name>\w+\S+)" | rex field=_raw "(?ms)Synchronization\s:\s(?<Sync_State>[\w\s]+Sync)\sState" | rex field=_raw "(?ms)Sync\sState\s:\s(?<App_State>[\w\s]+\w)\s+Number" | lookup host_lookup.csv "Host_Name"
| eval Result=if(App_State=="Running", "Ok", "NotOk") | eval Result1=if(Node_State=="Running", "Ok", "NotOk") | eval Result2=if(Sync_State=="In Sync", "Ok", "NotOk")

Here, I want to create a single dashboard panel showing the outputs of Result,Result1 & Result2 combined. I am unable to determine which visualization I should be taking to get my desired view.

Please help modify the query to get a single dashboard panel to show the outputs of Result,Result1 & Result2 combined.

Thank you.