Hi Giuseppe
thank you for help!

May I ask one more question?
This part of the query usually returns 6 columns (  host, check_id, status, info, region, msg)

index="..." exec_mode="..." 

 then I use 

| stats dc(status) AS status_count Values(status) AS status BY check_id 
| eval status=if(status_count=1 AND status="Passed","Passed","Failed")
| table check_id status

the table has values 
after it I'd like count statuses by host_name  | stats count(status) BY host_name
however I get 'No results found.'

What am I doing wrong?
Thank you