1 Solution
Streamstats is your friend here.
This is what I would do:
| streamstats count as ID by TXName
| sort -limit=0 -ID
| eval ValueForDiff = if(ID=1, -Value, Value)
| eventstats sum(ValueForDiff) as DiffValue by TXName
| eval DiffValue = if(ID=1, null(), DiffValue)
Example (mycsv.csv contains the table you mentioned in your question):
| inputcsv mycsv.csv
| streamstats count as ID by TXName
| sort -limit=0 -ID
| eval ValueForDiff = if(ID=1, -Value, Value)
| eventstats sum(ValueForDiff) as DiffValue by TXName
| eval DiffValue = if(ID=1, null(), DiffValue)
| table TXName, Period, Value, DiffValue
| sort -limit=0 TXName, Period
Output (see picture):
Streamstats is your friend here.
This is what I would do:
| streamstats count as ID by TXName
| sort -limit=0 -ID
| eval ValueForDiff = if(ID=1, -Value, Value)
| eventstats sum(ValueForDiff) as DiffValue by TXName
| eval DiffValue = if(ID=1, null(), DiffValue)
Example (mycsv.csv contains the table you mentioned in your question):
| inputcsv mycsv.csv
| streamstats count as ID by TXName
| sort -limit=0 -ID
| eval ValueForDiff = if(ID=1, -Value, Value)
| eventstats sum(ValueForDiff) as DiffValue by TXName
| eval DiffValue = if(ID=1, null(), DiffValue)
| table TXName, Period, Value, DiffValue
| sort -limit=0 TXName, Period
Output (see picture):
