Try like this
(index=iks) "Procces started" OR "Procces finished"
| eval type=if(searchmatch("Procces started"),"Process_Started","Process_Finished")
| timechart count span=1d by type
| eval differenc=Process_Started-Process_Finished
Try like this
(index=iks) "Procces started" OR "Procces finished"
| eval type=if(searchmatch("Procces started"),"Process_Started","Process_Finished")
| timechart count span=1d by type
| eval differenc=Process_Started-Process_Finished