Hello @zmmt,

Convert your timestamps to epoch objects using strptime().

Then you can easily calculate the time difference in seconds:

| makeresults count=1 | fields - _time
| eval Previous_Time="2018-12-26T09:36:32.959975900Z"
| eval New_Time="2018-12-26T09:36:32.959000000Z"
| eval Previous_Time_Epoch=strptime(Previous_Time,"%Y-%m-%dT%H:%M:%S.%9N")
| eval New_Time_Epoch=strptime(New_Time,"%Y-%m-%dT%H:%M:%S.%9N")
| eval diff=abs(New_Time_Epoch-Previous_Time_Epoch)

The result for your sample event is:

 Previous_Time_Epoch    New_Time_Epoch        diff
 1545816992.959975      1545816992.959000     0.000975

And now filter for:

| search diff>60

I'm not sure though what the "Z" in your timestamps stands for.