I have a file, say abc.csv, which I indexed once having events a b c , then i indexed it again after some days updating it, having events a b c d, again i indexed it at some point of time, having events a c and again then i uploaded it having events a b c.

My desired output  
date 2- d

date 3- c

date 4- same

Try this search to check when is indexed an event

index=<your index>
| eventstats count by _raw
| where count=1
| table source _indextime _raw

This solution only compares the last and latest ones.. can u give something which compares the latest to all the previous ones. 
Regards 

Hi @akankshayadav 

this search compares the previous event data to the last event data based on your timerange

| 
stats min(_indextime) as min_indextime max(_indextime) as max_indextime | convert ctime(min_indextime) ctime(max_indextime)

sir can u please elaborate the code , how to frame it properly

Hi @akankshayadav 

please describe how you would like the  output search.

index= <your index>
| stats values(_indextime) as indextime by _raw | convert ctime(indextime)

This solution gives  _raw  present in all the versions. Not the event which is different.

ok now you can expand your indextime field

index= <your index>
| stats values(_indextime) as indextime by _raw | convert ctime(indextime)
| mvexpand idextime 
| table idextime _raw