index=esbsrvprod sourcetype=foldermonitoringError NOT (.log) NOT (.nfs)|eval Instance=case(like(host,"%EU1%"),"EU1", like(host,"%EU3%"),"EU3", like(host,"%EU2P%"),"EU2",like(host,"%AP%"),"AP",like(host,"%AM%"),"AM",like(host,"%CI%"),"CI") | rex field=filePath /(?<folder>.*)/ |  lookup FolderMonitorings.csv Folder as folder, Instance as Instance OUTPUT ThresholdFiles, "Assignment Group" MonType  |  eval folder=replace(folder,"mnt/integration","")  | chart limit=10000 count over Instance by folder