@ebs 

Some questions and observations:

• In your example, date has a single value, 2021-05-23, so the 'by date' part of "| stats avg(avg_TPS) as averageTps by date" is redundant as there will be a single result
• You are doing count("TEST.exchange_id") by _time
  • This will just return a count of events that contain that field
    • if you know that all events contain that field, the just count by _time is sufficient
• Try to use the rename part of a stats aggregation - it makes your SPL easier to read, e.g. 
  
  • | eventstats count("TEST.exchangeId") as avg_TPS by _time
  • so you can avoid having to do the subsequent rename
• what is $date$ value - in Splunk, _time variable is an epoch time, not a formatted date string, so your $date$ token would have to be a numeric epoch
• what is your expected results
  • as single value showing average TPS per second for a single day
    • if so, what null values are you trying to fill?

Are you trying to include seconds where there are 0 TPS, in which case you should use timechart instead

| datamodel Test summariesonly=true search
| search "TEST.date"=2021-05-23
| rename "TEST.date" as date
| timechart span=1s count as TPS 
| stats avg(TPS) as averageTps 
| eval averageTps=round(averageTps,3)
| eval date=$date|s$
| fields averageTps date

Note also in your example, where you use eventstats followed by stats

Using eventstats count will end up giving you the wrong result compared to stats count, e.g. if your eventstats count data is

_time, TPS
2021-05-23 08:00:00 5
2021-05-23 08:00:00 5
2021-05-23 08:00:00 5
2021-05-23 08:00:00 5
2021-05-23 08:00:00 5
2021-05-23 08:00:01 2
2021-05-23 08:00:01 2

then stats avg(TPS) will give you 29/7 = 4.143, whereas if you do stats count your data will be

2021-05-23 08:00:00 5
2021-05-23 08:00:01 2

and the stats avg(TPS) will be 3.5

Hope this helps