Hi, I have some single string log statements looking like the following:   INFO ControllerNameHere f1d46561-b382-4685-9d7a-ebd76f40c355 EXT | <action> | Time 80   I want to make a query that groups the <action> types and then calculates the min, max and avg of the Time part of the string. So far i have had success with average:   index=my_index* host=hostName EXT | rex field=_raw "(EXT \| )(?<CategoryString>.+)( \| Time)" | rex field=_raw "(\| Time)(?<TimeValue>.+)" | stats mean(TimeValue) BY CategoryString   which returns the mean value of all entries. The data foundation of the query looks like: All is grouped by 4 actions per one request, meaning that the first action: has the following values: 80, 45, 71, 63, 458. When i then run the above query i get a correct result with mean: But when switching to e.g. max, i get a maximum value of 80. which seems wrong, however it corresponds to the latest value. What am i missing here?   ... View more