hmmm...
High level approach:
I would create a script-field (https://www.elastic.co/guide/en/kibana/current/scripted-fields.html) that concatenates the service-hostname-lost fields in a single value. That will create an entity that "changes" if the service and/or lost field changes.
The definition of that field would be something like:
doc['servicel'].value + '| ' + doc['host'].value + '|' + doc['lost'].value
(ymmv, didn't test this syntax on real-data).
Then, do a term-aggregation on this script-field, and use top-hits to keep values of the "first" document (you're not interested in later documents if the "lost" field doesn't change).
To create that table, in the "Data-table" visualization in Kibana
- select that new "script field" with the concatenation as your term in in the Bucket-configuration (split rows > Terms). That's the "pivot" of your entity.
- Then, for "Metrics" , create a top-hits metric for each of the "time", "service", "hostname", "received", "recovered", and "lost" fields.