Hi Splunkers,  I have a 2 hosts i.e server1 & server2. Each host running with multiple processes. Lets say the processes are process1 & process2. I want to create a dashboard to show the latest processes status whether it is Running or Not Running in each host   index=os host IN (server1 server2)  ARGS=*process1* OR ARGS=*process2* | eval process1_status=if(like(ARGS,"%process1%"),"Running","Not Running") | eval process2_status=if(like(ARGS,"%process2%"),"Running","Not Running") | stats latest(process1_status)  latest(process2_status)  by host | fillnull value=NULL But this query is not giving correct results. Each event will have either ARGS field as process1 or ARGS field as process2.     ... View more