Hi all,

I want to find the difference between two values (values.in65To127OctetFrames).

My data is like below.

{"name":"ethernet_counter","timestamp":1717838243109,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922198453881}}

{"name":"ethernet_counter","timestamp":1717837943109,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922102453899}}

{"name":"ethernet_counter","timestamp":1717837643345,"tags":{"interface_name":"Ethernet48","source":"sri-devgrp-prert00","subscription-name":"ethernet_counter"},"values":{"in65To127OctetFrames":2922006507704}}

I tried the following SPL, but I received "Error in 'EvalCommand': Type checking failed. '-' only takes numbers.".

index=gnmi name=ethernet_counter tags.source=sri-devgrp-prert00 earliest=06/08/2024:08:00:00 latest=06/08/2024:09:22:00
| sort _time
| streamstats current=f last(values.in65To127OctetFrames) as previous_value by tags.interface_name
| eval value_diff = values.in65To127OctetFrames - previous_value
| table _time tags.interface_name value_diff

I am very new to splunk. Could someone help me to write a proper SPL?

Many thanks,

Kenji