index="my_index" sourcetype="version"
| stats count(deviceId) as countDevicesPerVersion by version
| eval PercentagesPerVersion=round((countDevicesPerVersion*100)/1152,2)
| rex field=version "(?<generation>\w\d)"
| table version, PercentagesPerVersion, generation
| eventstats max(PercentagesPerVersion) as max_perc values(generation) as gen by generation
| where gen=generation AND max_perc=PercentagesPerVersion
| eval versionNumber=replace(version,"R", "")
| sort - versionNumber
| fields - versionNumber gen max_perc
| table version PercentagesPerVersion
eventstats is useful.
