display first column against nth column

janhvi23 · ‎05-28-2023

Hello All,

I have a log file which looks like below and I want to display in Time against the segment size
(where first column which is date and the column "SEGSZ" column value against time.)

can anyone help me with a query.

T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
28-05-2023 00:00:00 AM;IPC status from <running system> as of Sun May 28 00:00:02 MEST 2023
m 16779859 0 --rw------- prxm2 tuxedo prxm2 tuxedo 3 1472 57944 57954 2:12:42 2:12:42 2:12:42
28-05-2023 00:00:00 AM;Shared Memory:
m 16779801 0 --rw------- prxm2 tuxedo prxm2 tuxedo 365 156068 57942 60092 4:00:42 4:00:42 2:12:42
28-05-2023 00:00:00 AM;m 16779844 0 --rw------- prxm2 tuxedo prxm2 tuxedo 16 4592 57943 60483 6:00:01 6:00:01 2:12:42
m 16779771 0 --rw------- prxm2 tuxedo prxm2 tuxedo 3 6152 57940 57950 2:12:42 2:12:42 2:12:42
28-05-2023 00:00:00 AM;m 16779786 0 --rw------- prxm2 tuxedo prxm2 tuxedo 3 1472 57941 57951 2:12:42 2:12:42 2:12:42
m 16779639 0 --rw------- prxm2 tuxedo prxm2 tuxedo 2 443769 57604 57719 2:12:39 no-entry 2:12:36
28-05-2023 00:00:00 AM;m 16779640 0 --rw------- prxm2 tuxedo prxm2 tuxedo 2 1048576 57604 57719 2:12:39 no-entry 2:12:36
m 16779465 0 --rw------- prxm2 tuxedo prxm2 tuxedo 2 1048576 57289 57447 2:12:33 no-entry 2:12:30

display first column against nth column

proactive Splunk component monitoring

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?

display first column against nth column

proactive Splunk component monitoring

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025