Hi, Splunkers. I need some idea to show "Time Snap result" and "latest status change time by host". Source Data is like this; Host sent OK/NG every 5m/15m depends on OK/NG.(If NG, sent every 5m/ If OK, sent every 15m) time, host, Status 2023/06/13 23:41:09,  A, OK 2023/06/13 23:39:17,  B, NG 2023/06/13 23:43:31,  C, OK 2023/06/13 23:34:17,  B, NG 2023/06/13 23:36:03,  A, NG 2023/06/13 23:29:17,  B, NG 2023/06/13 23:31:10,  A, NG 2023/06/13 23:24:17,  B, OK 2023/06/13 23:28:31,  C, OK 2023/06/13 23:26:49,  A, NG 2023/06/13 23:10:29,  A, OK 2023/06/13 23:09:17,  B, OK 2023/06/13 23:13:31,  C, NG What I want 2 type results like; <result1:Time Snap result> Time, NumbberOfOK, NumberOfNG, NG Host 2023/06/13 23:15, 3, 0,  2023/06/13 23:20, 3, 0, 2023/06/13 23:25, 3, 0, 2023/06/13 23:30, 2, 1, A B 2023/06/13 23:35, 2, 1, A B 2023/06/13 23:40, 2, 1, A B 2023/06/13 23:45, 2, 2, B <result2:latest status change time by host> host, NG_from, lastChangeTo_OK A, 2023/06/13 23:26:49, 2023/06/13 23:41:09 B, 2023/06/13 23:40:17,  C,, I'm trying to get what I need like using "bin" to make time rounded and so on, but I can't handle it for now. Any idea is very helpful. Thank you for your time. ... View more