Hello,

In the below given search, I want to show data by "host", so please could anybody suggest me how to do this?

index=sc-perfmon sourcetype="Perfmon*" counter="Free Megabytes" OR "User Time" OR "Available MBytes" | stats sparkline, latest(_time) as latest_event by sourcetype | eval "time since latest event"=((now() -latest_event)/60)| sort "time since latest event" | fieldformat latest_event = strftime(latest_event, "%F %T")

Thanks
Ankit