The part you left out (marked base query ) is needed to give you good advice.

Presumably, you are using a timechart to calculate the response_time for each unit of time. that would look perhaps like this

source=my_perf AND (host=A OR host=B OR host=C OR host=D OR host=E)
| fields host response_time
| timechart span=1m avg(response_time) by host

The trick to remember here is that after timechart, the variables are named after the hosts. In this case the records will each look like they came out of this command...

| table _time A B C D E 

...so now, to add a trend for host named A, you need a command like this...

| trendline sma4(A) as A_trend

... and if you want one for each, then you need to repeat that line for each host name in the query.

However, if you want the trend of the average, then we need to do some other magic.

On the one hand, you could use an untable command after the timechart and before the trendline, then calculate the average for each _time, then use xyseries to put them back together. However esoteric and cool that method might be, it seems a bit clumsy. Do that only if you need the average of the host response time averages, rather than an average of all transactions without regard to which host they were processed on.

What I'd do instead, is go back BEFORE the timechart, and duplicate each record with a host name of "Average". That way, the timechart will create a field that calculates the average response time for all transactions across all the hosts.

source=my_perf AND (host=A OR host=B OR host=C OR host=D OR host=E)
| fields host response_time
| eval myfan=mvrange(0,2)
| mvexpand myfan
| eval host=if(myfan=0,host,"Average")
| timechart span=1m avg(response_time) by host
| trendline sma4(Average) as Average_trend