Hi,
In my opinion, your current timeseries query correctly filters by average duration, but it can’t detect degradation over time or enforce “X times per day” conditions.

To do that, you need to:

aggregate per day

compare first vs last daily averages for degradation

apply the count per day threshold

This requires a log-based summarize approach, not just a single timeseries.

Try this:

fetch logs
| filter isNotNull(totalSecs)

| fieldsAdd
    duration = toDouble(totalSecs),
    day = formatTimestamp(timestamp, format:"yyyy-MM-dd")

| summarize
    avg_duration = avg(duration),
    first_seen   = min(duration),
    last_seen    = max(duration),
    per_day      = count(),
    by:{operation, day}

| summarize
    avg_duration = avg(avg_duration),
    total_count  = sum(per_day),
    first_seen   = min(first_seen),
    last_seen    = max(last_seen),
    by:{operation}

| fieldsAdd
    degraded = last_seen > first_seen

| filter degraded == true
| filter avg_duration > 2
| filter total_count > 10

This requires a log-based summarize approach, not just a single timeseries.