for each unique Channel in to resultvalue where Channel=channeltxn* and type=2100
Responsetime ( (time where type=2210 and channel=resultvalue)- ( time where type=2100 and channel=resultvalue)) group by time in hour .
I can get the query for the first search, but I am not aware of how to store the value in resultvalue and get inside the loop for comparison. Kindly need your help.
Splunk doesn't do loops, searches work differently. Here's an approach, partly in pseudo-SPL:
| inputlookup your_lookup_here
... format the HH:MM:SS time into actual epoch values ...
| stats range(epoch_field) as duration values(type) as types by Channel
That will compute the difference between the smallest and largest time for each Channel, assuming each channel has exactly one request and response type. The values() will give you a list of types present for that Channel, mostly for checking/debugging.
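An added example (not part of the original answer) that carries the stats-by-Channel approach through to the hourly grouping the question asks for, run on constructed sample rows instead of a lookup. It assumes fields named time, type and Channel as in the question and that a request and its response fall on the same day; the field names constructed_rows, secs, req, resp and response_secs are made up for the illustration. Channels with no 2210 response are dropped rather than reported with a misleading duration.

```spl
| makeresults
| eval constructed_rows="09:15:02,2100,channeltxn001;09:15:05,2210,channeltxn001;09:47:30,2100,channeltxn002;09:47:31,2210,channeltxn002;10:02:10,2100,channeltxn003;10:05:00,2100,otherchannel9;10:05:04,2210,otherchannel9"
| makemv delim=";" constructed_rows
| mvexpand constructed_rows
| rex field=constructed_rows "^(?<time>[^,]+),(?<type>\d+),(?<Channel>.+)$"
| search Channel="channeltxn*" (type=2100 OR type=2210)
| eval secs=tonumber(substr(time,1,2))*3600 + tonumber(substr(time,4,2))*60 + tonumber(substr(time,7,2))
| eval req=if(tonumber(type)=2100, secs, null()), resp=if(tonumber(type)=2210, secs, null())
| stats min(req) as req max(resp) as resp values(type) as types by Channel
| eval response_secs=resp-req, hour=floor(req/3600)
| where isnotnull(response_secs)
| stats count as transactions avg(response_secs) as avg_response_secs max(response_secs) as max_response_secs by hour
```

To run it against real data, replace the first five lines with the inputlookup from the answer.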