I have mail processing log lines I need to combine and report on.
One type of log line contains strings like "cloned from Aggressive", "cloned from "Blocklist", etc.
Another type of log line contains a field "classification=" This field has values like "Zero-Hour", "Spam-Clean, Spam-Confirmed", "Passed", etc.
The various needed log lines do not share a common field name.
I need a report that combines all these disparate data, to show a stacked column of all email, colored as to its classification and "cloned from" counts by time interval.
I can get a report on classifications, but it drops the other two types of data. I can get a report on the other types of data (separately), but they drop the classification type, and so on.
How do I formulate the search/report to combine all these into a single chart?
... View more