Starting with this:
index=* smtp sourcetype="""""""" email="*" date_month=june
I tried date_month=may AND june and it did not work. I need this:
index=* smtp sourcetype="""""""" email="*" date_month=may
| table _time sourcetype email src det count src_tags
| stats count by _time sourcetype src det email
And:
index=* smtp sourcetype="""""""" email="*" date_month=june
| table _time sourcetype email src det count src_tags
| stats count by _time sourcetype src det email
Do I use the join command? Can you provide an example?
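An added example, not part of the original post: each event carries a single date_month value, so both months can be matched in one search with OR and no join is needed, whereas `date_month=may AND june` looks for May events that also contain the word "june". The field names are the ones used in the searches above, `<your_sourcetype>` is a placeholder, and adding date_month to the by clause (an assumption about the desired output) keeps the two months distinguishable in the results.

```spl
index=* smtp sourcetype="<your_sourcetype>" email="*" (date_month=may OR date_month=june)
| stats count by _time date_month sourcetype src det email
| sort 0 _time
```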