UPTIME,server,server,Linux,4,4,2023-08-02 16:17:28,300,1440,"16:17:28 up 90 days; 11:34; 0 users; load average: 0.04; 0.18; 0.17"
--- the raw data

The alert used:

index=nmon host=* eventtype=uptime source=perfdata uptime=*
| fields _time host uptime
| eval host=upper(host)
| where uptime <= 600
| sort uptime
| dedup host
| lookup hostscope.csv host OUTPUTNEW Application as application PLATFORM as platform Environment
| search platform!=ONPREM
| eval urgency=case(Environment="PROD" OR Environment="PREP", "high", isnotnull(Environment), "medium")
| table host uptime application platform Environment urgency