Answers for "How to evaluate an arithmetic difference between two consecutive events"
https://answers.splunk.com/answers/6554/how-to-evaluate-an-arithmetic-difference-between-two-consecutive-events.html
The latest answers for the question "How to evaluate an arithmetic difference between two consecutive events"Answer by dwaddle
https://answers.splunk.com/answering/6555/view.html
<p>Have you tried the "delta" search operator? </p>
<p><a href="http://www.splunk.com/base/Documentation/latest/SearchReference/Delta" rel="nofollow">http://www.splunk.com/base/Documentation/latest/SearchReference/Delta</a></p>
<p>Delta will find the different between the same extracted field in consecutive events. You will probably need to define field extractions for your fields in order to be able to use delta against them.</p>Wed, 08 Sep 2010 21:50:13 GMTdwaddle