Hi @romoc, I tried to simulate your case, I index the sample data you gave since there are key pair value which splunk will auto extract for you in search time , i dont need to manually extract it. So I run my search index="test" sourcetype="test2" source="/home/Documents/test2.txt" |chart values(ROW_COUNT) over TABLE_NAME by DB_NAME |eval REC_DIFF=x-y|table TABLE_NAME x y REC_DIFF and it works 🙂 note: I use the "*" on my first answer inside the table so i twill show all the values under DB_NAME in order also values are not static. ... View more

Thanks niketnilay - looks like it's what we were looking for. I will be working on get it implemented. ... View more