You cannot do maths at index time, you're limited to regular expressions.

ok but problem is that i will use this field many times in dashboards and it's alot of data So execute this search command each time will make reports and dashboard slow

i would like to get difference between two fields not summation
and also this events is transaction
so i need to get difference between events in same transaction

Another addition; if this is really in a Splunk transaction event, it will not work with delta nor streamstats. Both commands do their thing event based:

 For each event where field is a number, the delta command computes the difference, in search order, between the field value for the event and the field value for the previous event. The delta command writes this difference into newfield

The same is with streamstats ....

but below example from search referance delta examples and contain same example that i can use
sourcetype=access_* | transaction JSESSIONID clientip startswith="view" endswith="purchase" | delta _time AS timeDelta p=1 | eval timeDelta=abs(timeDelta) | eval timeDelta=tostring(timeDelta,"duration")

Yes, if your after transaction event has a single value field which can be used with delta it will work....But you have a transaction with a multi value field called sum and this cannot be used in delta .....

Sorry my bad, I'm still a bit sleepy 😉 BTW your question states it's two events and not one transaction event.