Hi @mm12,

you have to categorize your data, using eval, something like this:

your_search
| eval period=case(_time<60,"1",_time<300,"2",_time<1500,"3")
| stats 
 avg(eval(if(_time<60,vmstat_metric.loadAvg,"") AS vmstat_metric.loadAvg_1m 
 avg(eval(if(_time<300,vmstat_metric.loadAvg,"") AS vmstat_metric.loadAvg_5m 
 avg(eval(if(_time<1500,vmstat_metric.loadAvg,"") AS vmstat_metric.loadAvg_15m

Ciao.

Giuseppe