You'd have to doublecheck the command options but I would maybe look at the transaction command which will output a new field called duration

... | transation clientip startswith=<page1> endswith=<page2> 

Depending on data volume and Splunk version transaction may run slower than doing other commands (at least it feels like it runs faster in 6.2.2 from our last version 6.1.3 or maybe just our first version 5.0 - I know I'm not growing any more patient as I age 😃

At any rate you could get the same effect with stats and maybe more speed. One thing you lose in stats vs transaction though is in transaction to can set the max time for each event which may or may not be a big deal but could help account for reuse of an IP during the course of a day or whatever timeframe you are searching across (think user at some McDonalds wifi).

sourcetype = iis uri=<page1> OR uri=<page2>  | stats max(_time) as second_page min(_time) as first_page by clientip | eval delta = second_page - first_page

One thing to remember is Splunk searches in reverse chronological order and time is stored in numeric format (epoch) which is why max (or using first() ) is the second page and min (or using last() ) is the first page. If there are spaces or major delimiters before and behind the uri page deal you could probably make this faster still by dropping the fields and using TERM()

sourcetype=iis TERM(<page1>) OR TERM(<page2>) | stats max(_time) as second_page min(_time) as first_page by clientip | eval delta = second_page - first_page