Looking for a bit of advice on how to pull this one off.

What i'm trying to do is take some data, that also has a flag evaled into every event and work out the median only where that condition is true.

Short of a sub query, which I'm avoiding venturing into I'm pretty stuck on ideas.
Example data:

_time       Reconnections       CSW     SpeedUpperLimit     MedianDSRate        SpeedLowerLimit     PSW     ddDLMReconnection   
2018-01-01  2   2   14904   14404   13404   100.00 %    1
2018-01-02  2   2   14904   14404   13404   100.00 %    1
2018-01-03  2   2   14904   14404   13404   100.00 %    0
2018-01-04  6   5   14904   14404   13404   83.33 % 0 

This is based on the following query:

| search PACKET_TYPE=ACCESS-ACCEPT OR PACKET_TYPE=STOP | reverse |streamstats current=f Last(_time) as Last_Time |reverse | eval TimeBetweenSession = abs(_time-Last_Time) | bucket span=1d _time |  eval ReconnectionType = if(TimeBetweenSession >= $dlmsecmin$ AND TimeBetweenSession <= $dlmsecmax$, "DLM Related Resync", ReconnectionType) | eventstats median(DSL_DSRATE) AS M by _time | eval FixedLogicFlag=if(M<15000, 1, 0) |eval ReportError = if(isnull(DSL_DSRATE) OR DSL_DSRATE="", "True", "False") | eval SRU = if(FixedLogicFlag == 1,M + 500,M *1.03) | eval SRL = if(FixedLogicFlag == 1,M -1000,M *0.92)  | stats first(ReportError) AS ReportError first(FixedLogicFlag) AS FixedLogicFlag count(DSL_DSRATE) AS Reconnections count(eval( ReconnectionType == "DLM Related Resync")) AS ddDLMReconnection first(SRU) as SpeedUpperLimit median(DSL_DSRATE) AS MedianDSRate  first(SRL) as SpeedLowerLimit  count(eval(DSL_DSRATE>=SRL AND DSL_DSRATE<= SRU)) AS CSW  by  _time | eval PSW = (CSW/Reconnections) * 100 |eval Logic Outcome = if(ReportError == "True", "Inconclusive (Reporting Error)", if(Reconnections>=10,if(PSW>82, "Inconclusive", "Truckroll"),"Inconclusive(Low Reauths)")) | table _time Reconnections  CSW SpeedUpperLimit MedianDSRate SpeedLowerLimit PSW   "Logic Outcome" ddDLMReconnection