A requirement is to get a list of domains (src_host) with the count of their actions (blocked, delivered) associated with them.
The action field is calculated by the event below
2018-09-26T16:00:09+00:00 x.x.com mail_logs_mail*_push: Info: MID 1966 ICID 2657 To: Rejected by Receiving Control
But the src_host is in the field is in the event
2018-09-26T16:00:08+00:00 x.x.com mail_logs_mail*_push: Info: Info: New SMTP ICID 2657 interface Data_1 (1.1.1.1) address 1.1.1.151 reverse dns host abc.net verified yes
I would like to know how I can correlate the 2 fields without the 'transaction' command and get the results.