I am new to Splunk. I have the logs in the following format for our servers:

Host, CPU, %USAGE
Host, Memory, %Usage
Host, Load Average, % USAGE
Host, Swapping, %Usage

I need to create a query to display the results in the following format:

HOST, CPU Avg Usage, Memory Avg Usage, Load Avg Usage, Swapping Avg Usage

My query below is printing the same value for each of the fields. Ex: it prints the same CPU value for all the rows. Any suggestions on the query?

index = index1 sourcetype=.... source=...
| eval cpu_usage = [search index = ... sourcetype=... source=* | search metric_name=CPU_Utilization | stats avg(Usage) as "CPU_Usage" by host_name | return $CPU_Usage ]
| eval memory_usage = [search index = ... sourcetype=... source=* | search metric_name=Memory_Utilization | stats avg(Usage) as "Memory_Usage" by host_name | return $Memory_Usage ]
| eval load_usage = [search index = ... sourcetype=... source=* | search metric_name=Load_Utilization | stats avg(Usage) as "Load_Usage" by host_name | return $Load_Usage ]
| eval swapping_usage = [search index = ... sourcetype=... source=* | search metric_name=Swapping_Utilization | stats avg(Usage) as "Swapping_Usage" by host_name | return $Swapping_Usage ]
| stats values(cpu_usage) as "CPU Utilization", values(memory_usage) as "Memory Utilization", values(load_usage) as "Load Utilization", values(swapping_usage) as "Swapping Utilization" by host_name
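Added example, not part of the original post: a subsearch ending in `return $field` hands back a single value, so each `eval` above assigns that one value to every row, which is why all hosts show the same number. The per-metric averages can instead be computed in one pass, with no subsearches, by letting `stats` average only the events whose `metric_name` matches. It assumes the field names used in the post (`host_name`, `metric_name`, `Usage`) and `index1`; `<your_sourcetype>` is a placeholder.

```spl
index=index1 sourcetype=<your_sourcetype> source=*
| stats avg(eval(if(metric_name=="CPU_Utilization", Usage, null()))) as "CPU Avg Usage",
        avg(eval(if(metric_name=="Memory_Utilization", Usage, null()))) as "Memory Avg Usage",
        avg(eval(if(metric_name=="Load_Utilization", Usage, null()))) as "Load Avg Usage",
        avg(eval(if(metric_name=="Swapping_Utilization", Usage, null()))) as "Swapping Avg Usage"
  by host_name
```

Each `avg(eval(...))` ignores events where the `if` returns `null()`, so every column is the average for that host and that metric only; if the metric set changes often, `chart avg(Usage) over host_name by metric_name` produces one column per `metric_name` value automatically.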