Hi,

I am stuck with this from last few days and i really need some help.

M trying to create a gauge for displaying the uptime of an object.

I have this query for checking the current status(last 5 min) of this object whether it is Running or not.(10 for running and 0 for Not). 

| eval Indicator=if(state=="RUNNING", "10", "0")
| timechart span=5min min(Indicator) as "Trend"
| eventstats latest(_time) as current
| where current=_time
| eval SI=if(Trend==0,"Currently Down","UP")

If the value of SI is "Currently Down", then just display that. And if it is "UP" then need to do some calculations for the uptime. I have the query like below.

| eval Indicator=if(state=="RUNNING", "10", "0")
| timechart span=5min min(Indicator) as "Trend"
| eval DownTime=if(Trend==0,_time,null()) ,current_time=now()
| where isnotnull(DownTime)
| eventstats latest(_time) as current
| where current=_time
| eval diff= (current_time-DownTime)
,Days=diff/86400 ,Days=if(match('Days',"^[\d\.]*$"),floor('Days'),'Days')
,mod1 = (diff%86400) ,Hours=mod1/3600 ,Hours=if(match('Hours',"^[\d\.]*$"),floor('Hours'),'Hours')
,mod2 = (diff%3600) , Minutes=mod2/60 ,Minutes=if(match('Minutes',"^[\d\.]*$"),floor('Minutes'),'Minutes')
,Seconds = (diff%60)
| eval UpTime = Days." Days, ".Hours." Hours, ".Minutes." Minutes, ".Seconds." Seconds"
| table UpTime

Can someone please help me to merge these 2 queries to one so that if currently the state is not running it will show as "Currently Down" else it should show the uptime.