index=GenericHostName host=GenericServerName process="GenericServiceName" | fields _time, host, PID, process, source, pctCPU | fields - _raw
Just add this:
... | stats first(_time) AS first_time last(_time) AS last_time avg(pctCPU) count BY process PID source
Not exactly looking for the number of times a process (GenericServiceName) occurs in a certain time period (30 days).
index=GenericHostName host=GenericServerName process="GenericServiceName"
Thank you for your help.
I am not at all clear on what you need or what is wrong with my answer, but it might be better if you remove the source in my answer.