I have sent a mail. And mail server gives me logs like these.
Feb 27 11:30:11 mail postfix/qmgr[8620]: 24C4C681F19: from=kalam@example.com, size=8814, nrcpt=1 (queue active)
Feb 27 11:30:11 mail postfix/amavis/smtp[50690]: 24C4C681F19: to=salam@example.com, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=1.2/0.01/0/0.93, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as F3433681F7C)
I want to build a search based on the from address, but do stats on the status (separate counts for deffered, sent, reject etc.). Anyway I could make splunk realize these two events are related?
... View more