https://community.splunk.com/t5/Getting-Data-In/How-can-I-compare-values-from-the-same-field-at-different/m-p/433993#M75826 <P>Hi @slipinski,</P> <P>You could use <CODE>delta</CODE> command if you want difference between continuous events</P> <PRE><CODE>e.g. "your search"|delta GC as diff | filnull value=0 </CODE></PRE> <P>Used this to extract the field, <CODE>base search | rex field=_raw "^(?:[^ \n]* ){6}(?P&lt;GC&gt;\d+)" |table GC</CODE></P> Tue, 10 Jul 2018 15:08:19 GMT renjith_nair 2018-07-10T15:08:19Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-compare-values-from-the-same-field-at-different/m-p/433992#M75825 <P>I trying to create a graph which will be display difference beetwen values at different time. <BR /> "2018-07-10 15:37:16,395 Mem: 683 MB GC: 436 GCT: 11475 ms"<BR /> 2018-07-10 15:36:16,395 Mem: 625 MB GC: 434 GCT: 11430 ms"<BR /> "2018-07-10 15:35:16,395 Mem: 868 MB GC: 431 GCT: 11365 ms"</P> <P>I would like to create a graph with GC difeferences .i.e last minute=2, 2 minutes ago=3 and so on.<BR /> Any advice?</P> <P>Thanks</P> <P>Szymon</P> Tue, 10 Jul 2018 13:46:23 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-compare-values-from-the-same-field-at-different/m-p/433992#M75825 slipinski 2018-07-10T13:46:23Z https://community.splunk.com/t5/Getting-Data-In/How-can-I-compare-values-from-the-same-field-at-different/m-p/433993#M75826 <P>Hi @slipinski,</P> <P>You could use <CODE>delta</CODE> command if you want difference between continuous events</P> <PRE><CODE>e.g. "your search"|delta GC as diff | filnull value=0 </CODE></PRE> <P>Used this to extract the field, <CODE>base search | rex field=_raw "^(?:[^ \n]* ){6}(?P&lt;GC&gt;\d+)" |table GC</CODE></P> Tue, 10 Jul 2018 15:08:19 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-I-compare-values-from-the-same-field-at-different/m-p/433993#M75826 renjith_nair 2018-07-10T15:08:19Z