Events are looked like:

2/4/2014 00:00:01 –Something else
2/4/2014 04:00:01 – Restarted
2/4/2014 05:59:59  - Something else
2/4/2014 08:59:59  - Something else
2/4/2014 10:00:01 – Paused
2/4/2014 13:59:59  - Something else
2/4/2014 13:59:59  - Something else
2/4/2014 14:00:01 – Restarted
2/4/2014 15:59:59  - Something else
2/4/2014 16:59:59  - Something else
2/4/2014 17:00:01 – Paused
2/4/2014 18:59:59  - Something else
2/4/2014 19:59:59  - Something else
2/4/2014 20:00:01 – Restarted
2/4/2014 23:59:59  - Something else


2/5/2014 00:00:01 –Something else
2/5/2014 04:00:01 – Paused
2/5/2014 05:59:59  - Something else
2/5/2014 08:59:59  - Something else 
2/5/2014 13:59:59  - Something else
2/5/2014 13:59:59  - Something else
2/5/2014 14:00:01 – Restarted
2/5/2014 15:59:59  - Something else
2/5/2014 16:59:59  - Something else
2/5/2014 17:00:01 – Paused
2/5/2014 18:59:59  - Something else
2/5/2014 19:59:59  - Something else
2/5/2014 20:00:01 – Restarted
2/5/2014 23:59:59  - Something else

And I am trying to get total paused time by Day.

So, my results would be:

2/4/2014 – 7h

2/5/2014 – 13 h

I tried following but could not get by Day, events with different days are overlapping.

index=my_index earliest=-2d ("Paused" OR "Restarted")| eval Day=strftime(_time,"%Y-%m-%d")| transaction startswith="Paused" endswith="Restarted" | stats sum(duration) as PausedTime by Day