Thank you. As we are using Splunk Web, I am not sure that option could work. The query is:

index=Index sourcetype=WinHostMon source="service" host="*" DisplayName="Bits*"
| rename DisplayName AS ServiceName
| rename State AS Status
| eval host = lower(host)
| lookup ourhosts_env host OUTPUTNEW Environment
| rename host as Host
| eval Time = strftime(_time, "%Y-%d-%m %H:%M:%S")
| fields - _time
| eval CurrentStatus = case(StartMode == "Disabled" AND Status == "Stopped", "Disabled", StartMode == "Auto" AND Status == "Running", "Success", StartMode == "Auto" AND Status == "Stopped", "Failure", StartMode == "Auto" AND Status == "Stopped", "Failure")
| stats latest(Time) as Time latest(Status) as Status latest(StartMode) as StartMode by Host ServiceName Environment CurrentStatus
| table Time Environment Host Status StartMode CurrentStatus

When I run the search or the report, the colored cells show red, yellow, green. The email just has a plain table, no color.