| makeresults count=2
| streamstats count
| eval _time = if (count==2,relative_time(_time,"-1d@m"), relative_time(_time,"@m"))
| makecontinuous span=1m
| eval per_cpu=random() % 5 + 40
| table _time per_cpu
`comment("this is sample data")`
| streamstats reset_after="per_cpu>40" count
| streamstats count(eval(per_cpu<=40)) as check_count
| eval check = if(per_cpu > 40 ,1,0)
| stats range(eval(if(check==1 AND count > 0,_time , NULL))) as duration  by check_count
| stats sum(duration) as total_duration
| eval total_duration=tostring(total_duration,"duration")

HI, how about it?