hi all,
With your previous suggestion i can able to create a parameter like in field3,but i want field pass and fail should get calculated like below.

Need your help!

field1 field2 field3 pass fail
Orange 10 10 10 0
apple 9 10 9 1
potato 7 10 7 3

Pass or fail based on what and how?

Pass = field3-field2
fail = field2-field3

Did you try |eval Pass=field3-field2|eval Fail=Field2-Field2 ?

yes i did Ranjith, but unfortunately im getting result for only one row not for all rows..Actually i'm struck here..

field1 field2 field3 pass fail
Orange 10 10 10 0
apple 9 10
potato 7 10

How to make this calculations happen to all rows?

what i'm trying to do here is:
step1: i will check for field1 value..if it is orange
step2: fetch the corresponding value in field2..here the value is 10
step3: Assign this value to abc..such that abc=10
step4: eval new field pass =field2-abc..if it is equal to zero then value =abc else
step5: eval new field fail - gives the difference and provide me the difference.

Try this

your search
|eval field3=if(field1=="Orange",field2,"")|eventstats values(field3) as field3
|eval field3=mvindex(field3,1)|eval status=if(field2==field3,field2,(field2-field3))
|table sourcetype field2 field3 status

Or

   your search
    |eval field3=if(field1=="Orange",field2,"")|eventstats values(field3) as field3
    |eval field3=mvindex(field3,1)|eval status=if(field2==field3,"Pass (".field2.")","Fail (".(field2-field3).")")
    |table sourcetype field2 field3 status

OR

Your search
|eval field3=if(field1=="Orange",field2,"")|eventstats values(field3) as field3
|eval field3=mvindex(field3,1)|eval pass=if(field2==field3,field2,"")|eval fail=if(field2==field3,"",(field2-field3))
|table sourcetype field2 field3 pass fail

will you be able to explain me why we need to use mvindex here after assigning values(field3) as field3 ?

Because in eventstats we are taking values(field3) which is a list includes "" and value. To get the value from a multivalue field we use mvindex
http://docs.splunk.com/Documentation/Splunk/6.2.0/Search/Parsemultivaluefields

Hi,
also here if i want to save the value of field2 corresponding to filed1 value orange say here is 10 as another variable abc..how can i do that?

Have you tried the search posted by me?

yes it is working for me..thx

thx Mr renjith.nair you are right

thanks for your reply:
Here im trying to create another field3
as per your suggestion im getting output like
field1 field2 field3
Orange 10 10
apple 12 12
potato 13 13

but i would like to have result as below:
field1 field2 field3
Orange 10 10
apple 12 10
potato 13 10

Hi, so assuming you want to set the value of field3 in ALL your events to be field2 when field1 matches Orange, this is what I would do:

| inputcsv mycsv.csv
| join type=left [
   | inputcsv mycsv.csv
   | search field1 = "Orange"
   | eval fieldNEW = field2
   | fields fieldNEW
]
| eval field3 = fieldNEW
| fields - fieldNEW

mycsv.csv is just a csv matching the content of your table:

field1  field2  field3
Orange  10  11
apple   12  12
potato  13  13

And the query returns the following:

field1  field2  field3
Orange  10  10
apple   12  10
potato  13  10