[FEATURE] Support for counting records meeting a condition

[earthling-shruti]

Is your feature request related to a problem?
Currently, counting records that meet a condition requires verbose WHERE clause syntax like:

| where statusCode >= 400 and statusCode < 500
| stats count() as Errors by attributes.hostname

This prevents writing complex queries in PPL. For example, in order to get all requests and errors, I need to run multiple queries - the above query, and a second query -

| stats count() as Requests, avg(duration) as Latency by hostname

I'm building an experience in OSD that allows for users to view limited results in the component, and explore more results in Discover. However, since the complex query isn't supported in PPL, I have to pick one of the two queries to prepopulate in Discover.

What solution would you like?
Support counting with inline conditions using syntax like -

| eval statusCode4xx5xx = sum(statusCode >= 400), statusCode5xx = sum(statusCode >= 500), statusCode4xx = statusCode4xx5xx - statusCode5xx

What alternatives have you considered?
Breaking up a complex query into multiple simple queries, using the where clause for conditions.

Do you have any additional context?
No.

[Swiddis]

Done with #3949, albeit with different syntax

[RyanL1997]

Closing due to the merge of #4103