@lperini_splunk we tried to use the below option but ticket creation got stopped for the entire kpi and for other hosts too ,then we had to revert it back. So we could not understand what was the mistake made.
Host must be a field from the correlation search right? and do we need to give fqdn of the server as host value or just a server name or ip address is enough?
also please let us know if there are any other option.