Great!! Your final answer fixes everything - thanks!

Almost there. I found a way to add the correct total for each column with another appendcols but noticed that the final totals were lost - with the |appendpipe [stats avg(* ) as *]

Here's what I have now but missing the final totals:

index=
| bucket _time span=1d

|convert ctime(_time) AS date timeformat="%Y/%m/%d"
| stats count by host date
| appendpipe [| stats avg(count) as count by host | eval date="Host Avg" ]
| xyseries host date count
| appendcols [search index=
| stats count as "Total Count" by host ]
| appendpipe [stats avg(* ) as *]

It would be better (efficient) to just add following after addtotals and before last appendpipe. (to avoid querying the host data again.

| eval Total=Total-'Host Avg'

Full search

index=*
| bucket _time span=1d 
|convert ctime(_time) AS date timeformat="%Y/%m/%d" 
| stats count by host date 
| appendpipe [| stats avg(count) as count by host | eval date="Host Avg" ]
| xyseries host date count
| addtotals | eval Total=Total-'Host Avg'
| appendpipe [stats avg(*) as * ]

Would there be a way to round the final totals from using [stats avg(*) as * ] ?

Of course 🙂

 index=*
 | bucket _time span=1d 
 |convert ctime(_time) AS date timeformat="%Y/%m/%d" 
 | stats count by host date 
 | appendpipe [| stats avg(count) as count by host | eval date="Host Avg" ]
 | xyseries host date count
 | addtotals | eval Total=Total-'Host Avg'
 | appendpipe [stats avg(*) as * | foreach * [eval "<<FIELD>>"=round('<<FIELD>>') ] ]

Wowzers! That's something I've never seen or heard of before ... you're awesome!

Glad to be of help. If there are no follow-up questions, you can close the question by accepting this answer. I'll update my answer to reflect the final version of search.

.. one small addition if you don't mind .. is there also a way to add a label for the last totals row produced from :
| appendpipe [stats avg(*) as * | foreach * [eval "<>"=round('<>') ] ]

If by label you mean a value of say "Average by Host" (or something similar) on the 'host' field for very last row, yes. Just add this eval after the foreach command.

....
 | appendpipe [stats avg(*) as * | foreach * [eval "<<FIELD>>"=round('<<FIELD>>') ]  | eval host="Average by Host"]

cool - thank you sir!

I see - it's including the avg(count) # into the total count but how can I exclude the avg count from the total?

.. oops .. my fault ... getting results now and the avg. is correct and in a new column but the total column is now showing an incorrect total for the time span for each row.

hmmm .... returns 0 results