Hello Splunk Community,

I am kind of a beginner in Splunk. I need help with a scenario.

I have the example logs below:

2020-08-20 08:52:46, 760 XYZ_Processor/1.1.0 Application Process Completed
2020-08-20 08:51:46, 760 XYZ_Processor/1.1.0 Random logs
2020-08-20 08:50:46, 760 XYZ_Processor/1.1.0 Random logs
2020-08-20 08:47:46, 760 XYZ_Processor/1.1.0 Application Process Id generated : 23232
2020-08-20 08:40:46, 760 XYZ_Processor/1.1.0 Application Process Completed
2020-08-20 08:39:46, 760 XYZ_Processor/1.1.0 Random logs
2020-08-20 08:38:46, 760 XYZ_Processor/1.1.0 Random logs
2020-08-20 08:37:46, 760 XYZ_Processor/1.1.0 Application Process Id generated : 42343

I want the results below:

PID    START_TIME           END_TIME             TIME_TAKEN
42343  2020-08-20 08:37:46  2020-08-20 08:40:46  03:00:00
23232  2020-08-20 08:47:46  2020-08-20 08:52:46  05:00:00

Could anyone help with this? I have to add the PID as the first field from the logs and print it in the first column, and then the start time and end time of the process, and then the time taken.

Thank you in advance.
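One way to build this table in SPL, as an added example that is not part of the original post. It assumes `_time` is parsed from the leading timestamp of each event and that runs of the processor do not overlap; `your_index` and `your_sourcetype` are placeholders for wherever these logs are indexed.

```spl
index=your_index sourcetype=your_sourcetype "XYZ_Processor"
    ("Application Process Id generated" OR "Application Process Completed")
| rex "Application Process Id generated : (?<PID>\d+)"
| transaction startswith="Application Process Id generated" endswith="Application Process Completed"
| eval START_TIME=strftime(_time, "%Y-%m-%d %H:%M:%S")
| eval END_TIME=strftime(_time + duration, "%Y-%m-%d %H:%M:%S")
| eval TIME_TAKEN=tostring(duration, "duration")
| sort 0 _time
| table PID START_TIME END_TIME TIME_TAKEN
```

`transaction` pairs each "Id generated" event with the next "Completed" event, so `_time` is the start of the run and `duration` is the elapsed seconds, which `tostring(duration, "duration")` renders as HH:MM:SS.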