@woodcock, line 17 is missing comma after 50

| eval kpidns=case(time_request >=2 , 50,

Fair enough; fixed now (re-edit).

thanks, but the problem is that the resulting kpign field does not appear

@medveleyenet, what are you seeing right not. Does your search result say No results found or something else. Above query by @woodcock has default case to set a specific field value to 0 in case none of the conditions are matched. Which implies as far as you get results after | dedup KPI you should see "Networking health" (worst case is 0). Following is run anywhere search where you can set test conditions using eval. Following will result in 0 since none of the conditions are set.

| makeresults
 | eval kpica=case(ClientesActivos <=15000, 90, 
                   ClientesActivos >=15001 AND ClientesActivos <=16999, 100,
                   ClientesActivos >=17000,90,
                   true(), 0)
 | eval kpicc=case(ConexionesConcurrentes <=300000, 90,
                   ConexionesConcurrentes >=300001 AND ConexionesConcurrentes <=1799999, 100,
                   ConexionesConcurrentes >=180000,90,
                   true(), 0)
 | eval Vel=E_speed/1048576
 | eval kpivl=case(Vel <=5 , 50,
                   Vel >=5.1 AND Vel <=15, 60,
                   Vel >=15.1 AND Vel <=19.99 , 70,
                   Vel >=20, 100,
                   true(), 0)
 | eval kpidns=case(time_request >=2 , 50,
                    time_request <=1.99 AND time_request >=1.01, 70,
                    time_request <=1 AND time_request >=0.8 , 90,
                    time_request <0.8, 100,
                    true(), 0)
 | eval kpign= (kpica+kpicc+kpivl+kpidns)/4
 | stats avg(kpign) as "Networking health"

If your issue is something else, you will have to provide sample for each field. I noticed you are performing a dedup on KPI but the same is not used anywhere.

There are 3 reasons for your sum to fail:

1) One (or more) of the fields has no value. I have solved this for you with my answer.
2) One (or more) of the fields is not a number ( NaN ).
3) One (or more) of the fields is multi-valued. This is a whole other matter, entirely.

To test, use my existing answer but add this line just above the eval kpign line:

| mvexpand kpica | mvexpand kpicc| mvexpand kpivl | mvexpand kpidns

and change the eval kpign line to this:

| eval kpign= (tonumber(kpica)+tonumber(kpicc)+tonumber(kpivl)+tonumber(kpidns))/4

tranks, whit the first answer i can sum the the fields but some result is 0 and modify the final result of the sentence eval kpign=(kpicc + kpica +kpivl + kpidns)/4

Well there you go; set an appropriate default value for the operands ( other than 0 ) and then you are done.

Following @niketnillay, are all of your evaluated fields coming through except login with your current query? Are any missing? If you're in verbose mode, you can check for these fields on the left hand side of the events, otherwise you can add a |fields kpign kpica kpicc kpivl kpidns Vel

i need sum the fields kpicc, kpivl, kpidns and kipca but field "kpign" don,t appears