
I am running the following UDM search:

$e.metadata.vendor_name != ""
$log_type = $e.metadata.vendor_name
match:
$log_type
outcome:
$count = count($e.metadata.id)
 
Getting following error: ERROR: Search has encountered an error and could not load data. Please try again, and contact support if this error continues.
 
Please help

There's no need to use variables, like $e, in UDM stats searches. Those are only used in YARA-L rules today. Removing that will make it a valid query.


metadata.vendor_name != ""
$log_type = metadata.vendor_name
match:
$log_type
outcome:
$count = count(metadata.id)

-mike


UDM stats search is slightly different from UDM search (w/o stats). Here are some examples that might help


https://cloud.google.com/chronicle/docs/investigation/statistics-aggregations-in-udm-search



Thanks, Mike

But still getting same error:

ERROR: Search has encountered an error and could not load data. Please try again, and contact support if this error continues.



Can you try some other simpler UDM stats search like below to verify that the feature is working:


target.ip != ""
match:
principal.ip
outcome:
$min_seconds = min(metadata.event_timestamp.seconds)

 



Still getting the same error.

I think UDM stats search is not enabled; that's why I'm getting this issue. How can I confirm whether it is enabled or not?



You can share your Hex ID with the support team privately (do not share it in public forums) and have them confirm.


The search you initially wrote will work even with the event variable $e in it; the key is that once you use an event variable on one UDM field, all UDM fields need it, so consistency is key. @mikewilusz's search also works but removes the extraneous event variable that can sometimes confuse folks. I agree with your suspicion that the stats search functionality is not enabled in the tenant, and a request out to the support team should hopefully get that fixed.


Once you get access, here are a few additional resources to help you get going:


Blogs: 


https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-Introducing-Statistical-Search/ba-p/750365


https://www.googlecloudcommunity.com/gc/Community-Blog/New-to-Google-SecOps-Getting-More-From-Statistical-Searches/ba-p/750385


Videos: 


https://www.youtube.com/watch?v=o50ix8vQVIM


https://www.youtube.com/watch?v=7RofNmlarXA
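The consistency rule mentioned above (either every UDM field carries the event variable, or none does) is easy to check before submitting a query. The following Python is an added illustration, not Chronicle/SecOps code: it splits a stats search into its filter, match and outcome sections, reports which event-variable prefixes the UDM field references use, and strips the prefixes to produce the variable-free form Mike posted. The list of UDM top-level nouns in the regex is a subset chosen for this example, and the embedded sample query is the one from the original question.

```python
import re

# An event-variable prefix such as "$e." directly before a field path.
# Placeholder variables like "$log_type" are never followed by a dot, so
# this pattern leaves them alone.
EVENT_VAR_PREFIX = re.compile(r"\$([A-Za-z_]\w*)\.(?=[A-Za-z_])")

# A UDM field path, optionally prefixed by an event variable ("$e.").
# Only a subset of UDM top-level nouns is listed here (assumption for
# this example; extend as needed).
UDM_FIELD_REF = re.compile(
    r"(?:\$([A-Za-z_]\w*)\.)?"
    r"\b((?:metadata|principal|target|src|network|security_result|"
    r"about|observer|intermediary|additional|extensions)\.[A-Za-z_][\w.]*)"
)

# Constructed sample: the query from the original question.
SAMPLE_QUERY = """$e.metadata.vendor_name != ""
$log_type = $e.metadata.vendor_name
match:
$log_type
outcome:
$count = count($e.metadata.id)"""


def split_sections(query: str) -> dict:
    """Split a stats search into its filter, match and outcome lines."""
    sections = {"filter": [], "match": [], "outcome": []}
    current = "filter"
    for raw in query.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in ("match:", "outcome:"):
            current = line[:-1].lower()
            continue
        sections[current].append(line)
    return sections


def event_variable_usage(query: str) -> dict:
    """Map each event-variable prefix (None = no prefix) to the fields using it."""
    usage = {}
    for var, field in UDM_FIELD_REF.findall(query):
        usage.setdefault(var or None, []).append(field)
    return usage


def is_consistent(query: str) -> bool:
    """True when all UDM field references share one prefix or have none."""
    return len(event_variable_usage(query)) <= 1


def strip_event_variable(query: str) -> str:
    """Drop event-variable prefixes; placeholders such as $log_type stay intact."""
    return "\n".join(EVENT_VAR_PREFIX.sub("", l.strip())
                     for l in query.strip().splitlines())
```

Running `strip_event_variable(SAMPLE_QUERY)` yields the same six lines Mike suggested, and `is_consistent` flags a query that mixes `$e.metadata.id` with a bare `principal.ip`.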