My whole search is:

| `host_eventcount(30,2)` | search is_expected=true | `ctime(lastTime)`  | fields + host,lastTime,dayDiff  |rename host AS "Hostname", lastTime AS "Last Time Seen" , dayDiff AS "Days Not Seen" | eval c_time=strftime(log_time,"%m/%d/%y %H:%M:%S") 

Anyway to make this more efficient?