Firstly, small technical remark - if you post a search, include it as a code block or a preformatted paragraph - it's easier to read.

But to the point.

There are some things that shouldn't be happening here 😉

index=... 
| table _time EXECUTION_NAME STATUS EXECUTION_ID Stage Environment source
| dedup EXECUTION_ID
| chart count(EXECUTION_ID) as Workflows_Triggered by Environment,STATUS

1. Don't table too early. Table is a transforming command which means that it will move the processing pipeline to search-heads. It's nice to have it at the end of your search for presentation of the results but in the middle of your search you most probably get better results with fields command which is a distributable streamming commands. (if you want to get rid of _raw, just do "| fields - _raw").

2. Your thinking is wrong here. You do a dedup EXECUTION_ID which means that you'll get only the first encountered event with given EXECUTION_ID regardless of other fields. If your events always contain the same Environment and STATUS fields, it could be OK, but otherwise out of every possible combination of Environment and STATUS values you'll only count your EXECUTION_ID into on of those groups. That's most probably not what you meant.

You only get your EXECUTION_ID counted for a single _first encountered_ (which does not have to be the earliest! typically search results are given in reverse chronological order) combination of Environment STATUS (and other fields as well). So if you resort your data, you might pick another event from deduping.

A run-anywhere example to show what I mean

| makeresults count=60
| streamstats count
| eval _time=_time-count 
| eval field1=count % 5
| eval field2=count % 4
| eval field3=count % 3
| fields - count
| sort - _time
| dedup field1

If you cut the search before the dedup, you'll see that you have every possible combination of (0-4), (0-3) and (0-2) ranges. But if you dedup it on one of the fields you'll only get some combinations in results.