get difference of 3rd and 2nd row - Splunk Community

Reporting

Hi,

I was trying to get the difference of 2nd and 3rd row and display it as 4th status value, below is my search

index = prod_e2 sourcetype=prod_csv type="n"
| dedup order
| stats count
| eval status = "first"
| append [search index=prod_e2 sourcetype=prod_csv type="n" and desc="2"
|dedup order
|stats count
| eval status="submit"
|table status count]
| append [search (index= prod_e2 sourcetype=prod_csv type="n" and stat_desc="2" and order_num !="0" ) or
(index = prod_e2 sourcetype=prod_csv)
| dedup order
| stats count
| eval status = "created"
| table status count]

I was able to get it as

status count
first 20
submit 10
created 50

but I want it as

status count
first 20
submit 10
created 50
difference 40

| transpose 0
| eval "row 4"='row 3'-'row 2'
| eval "row 4"=if(isnull('row 4'),"difference",'row 4')
| transpose 0 header_field=column
| fields status count

Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

Unleash the power of Splunk Observability Watch Now In this can't miss Tech Talk! The Splunk Growth ...