something like this might get you close:
index="_internal" sourcetype="scheduler" alert_actions=email
| eval scheduled=strftime(scheduled_time, "%Y-%m-%d %H:%M:%S")
| eval dispatch_time=strftime(dispatch_time, "%Y-%m-%d %H:%M:%S")
| stats values(scheduled) as scheduled
values(dispatch_time) as dispatched
values(host) as host
values(status) as status
values(run_time) as run_time
values(result_count) as result_count
values(sid) as sid
by _time,savedsearch_name | sort -scheduled
