Regular expression and aggregate the result

Assume the following records: Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 520 192.168.0.5 CONNECT something else Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 1040 192.168.0.5 CONNECT something else The above record is a modied squid log and i'd like to get the average response time, in this case it's the value of **520 and 1040** My query: myserver | rex field=_raw "appx\):\s+\d+\.\d+\s+(?\s+\d+)" | convert num(TIME) | stats avg(TIME) Somehow the avg aggregate returns nothing but using the min/max aggregate returns a value. Whats wrong with the query? Thanks..