I've got some logs I need to join and put on the same row. I've tried a few different ways and searched the community but I can't seem to get exactly what I need.

There's a log every 10 minutes for each host and each drive on said hosts (there are a lot of hosts and drives). Each log has 2 events for the same time and drive letter. One for free MB and one for percent. Basically I need to join together each set of these two separate events based on the time, host and drive letter of the log. Is this possible?

base query:

index=perfmon host=host1 Category="PERFORMANCE" collection="WIN_PERF" object="LogicalDisk" counter="% Free Space" OR counter="Free Megabytes"

Drive letter is extracted as "instance"
percent and MB are both extracted as "Value"

Returns these logs:

"09/02/2021 21:48:49","host1","PERFORMANCE","WIN_PERF","LogicalDisk","Free Megabytes","d:","36092.00"
"09/02/2021 21:48:49","host1","PERFORMANCE","WIN_PERF","LogicalDisk","% Free Space","d:","41.47"
"09/02/2021 22:08:49","host1","PERFORMANCE","WIN_PERF","LogicalDisk","% Free Space","C:","19.30"
"09/02/2021 22:08:49","host1","PERFORMANCE","WIN_PERF","LogicalDisk","Free Megabytes","C:","19767.00"

Desired output:

Time                 Host   Drive  FreePercent  FreeGB
09/02/2021 21:48:49  host1  d:     41.47        36092.0
09/02/2021 22:08:49  host1  C:     19.30        19767.00

Any help would be appreciated.
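One way to put each pair of events on a single row without the join command, as an added example that is not part of the original post: split "Value" into one field per counter, then group by time, host and drive. It assumes the field names given in the post (counter, instance, Value) and that both events of a pair carry the same _time; FreeMB, FreePercent and Drive are names chosen here, and the megabyte column is labelled FreeMB because the logged value is in megabytes.

```spl
index=perfmon host=host1 Category="PERFORMANCE" collection="WIN_PERF" object="LogicalDisk" (counter="% Free Space" OR counter="Free Megabytes")
| eval FreePercent=if(counter="% Free Space", Value, null())
| eval FreeMB=if(counter="Free Megabytes", Value, null())
| stats latest(FreePercent) as FreePercent latest(FreeMB) as FreeMB by _time host instance
| where isnotnull(FreePercent) AND isnotnull(FreeMB)
| rename instance as Drive
| table _time host Drive FreePercent FreeMB
```

The where clause drops any time, host and drive combination for which only one of the two counters was logged; remove it to see incomplete pairs instead.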