Hi All, I am a newbie in the Splunk world and looking for some help in structuring my query. I have an index with data like this:

DATE        CUST_ID  CUST_NAME  ITEM_REF  CUST_PRICE  CUST_DISC
09/04/2020  012341   ERIC N     011111    199.00      0.10
09/04/2020  012342   RUBY N     011112    209.00      0.15
09/04/2020  012343   JULY N     011113    189.00      0.12
09/04/2020  012344   SEAN N     011114    619.00      0.18
09/05/2020  012341   ERIC N     011111    199.00      0.10
09/05/2020  012342   RUBY N     011112    229.00      0.12
09/05/2020  012343   JULY N     011114    139.00      0.19
09/05/2020  012344   SEAN N     011114    619.00      0.18

I am looking to build a query that will show me all the fields that have changed between yesterday (09/04/2020) and today (09/05/2020) based on the CUST_ID. The output would look like this:

CUST_ID  CUST_NAME  ITEM_REF  CUST_PRICE  CUST_DISC
012342   RUBY N     011112    229.00      0.12
012343   JULY N     011114    139.00      0.19

I tried doing this (got some ideas in this forum) but could only do a comparison for one field (CUST_PRICE) and not for two or more fields based on the CUST_ID. Is there a way I can show all the mismatched fields (as shown above as an example)?

index="cust_apps" sourcetype=DB earliest=-1d@d latest=now
| eval Day=if(_time<relative_time(now(),"@d"),"Yesterday","Today")
| chart values(CUST_PRICE) over CUST_ID by Day
| where Yesterday!=Today
| table CUST_ID Yesterday Today

Please help. Thanks
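One way to extend the comparison to every field at once, added here as an example and not part of the original post. It keeps the poster's search and Day eval, then collapses each CUST_ID to a single row: dc() counts how many distinct values each field took across the two days, and latest() carries today's values into the output. A row is kept only when the customer appears on both days and at least one field has more than one distinct value. It assumes the field names shown above, exactly one event per CUST_ID per day, and that the two-day window of the original search is what should be compared; the n_* and CHANGED field names are arbitrary and only used inside the query.

```spl
index="cust_apps" sourcetype=DB earliest=-1d@d latest=now
| eval Day=if(_time<relative_time(now(),"@d"),"Yesterday","Today")
| stats dc(Day) as n_days
        dc(CUST_NAME) as n_name dc(ITEM_REF) as n_item dc(CUST_PRICE) as n_price dc(CUST_DISC) as n_disc
        latest(CUST_NAME) as CUST_NAME latest(ITEM_REF) as ITEM_REF latest(CUST_PRICE) as CUST_PRICE latest(CUST_DISC) as CUST_DISC
        by CUST_ID
| where n_days=2 AND (n_name>1 OR n_item>1 OR n_price>1 OR n_disc>1)
| eval CHANGED=trim(if(n_name>1,"CUST_NAME ","") . if(n_item>1,"ITEM_REF ","") . if(n_price>1,"CUST_PRICE ","") . if(n_disc>1,"CUST_DISC ",""))
| table CUST_ID CUST_NAME ITEM_REF CUST_PRICE CUST_DISC CHANGED
```

On the sample data this returns the two rows for 012342 and 012343, with CHANGED reading "CUST_PRICE CUST_DISC" and "ITEM_REF CUST_PRICE CUST_DISC" respectively; drop the CHANGED column from the table command if only the requested five fields are wanted. Two caveats: dc() compares the extracted strings, so a price stored as 199.0 one day and 199.00 the next counts as a change unless the field is normalised first (for example with an eval that applies tonumber() before the stats), and the n_days=2 filter deliberately hides customers that exist on only one of the two days; remove it if newly added or dropped customers should also be listed.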