How to compute a cumulative count over any interval grouped by multiple fields
First, note that it is not as simple as something like:
timestats count:count(1), group_by(deviceId)
because this query does not take intervals into account. Instead, use timechart, which does.
Here is an example of computing the cumulative count over an interval, grouped by two hypothetical fields, updatedDate and metadataUpdatedDate:
make_col rank : window(dense_rank(), group_by(updatedDate, metadataUpdatedDate))
timechart max(rank), group_by(updatedDate, metadataUpdatedDate)
The first line, make_col rank, is necessary because it creates the column that timechart computes the max over. Your dataset may not already have a rank column, so run the make_col rank command first.
Take care to note that there is no explicit cumulative function.