There are log entries as seen below. When they are SEPARATE events, the following command works to count the # of occurrences of each type: index.... | stats count by type

type count
png 2
gif 3
pdf 1

But I need to use the transaction command in order to gather other information (like direction: inbound or outbound). Once I do so, via: index..... | transaction host,s,m maxspan=301s | stats count by type

such that it is now ONE EVENT, I get the results below, as if it is counting them distinctly. I want to get the results as above, the actual count of the occurrences of each.
Thanks.

type count
png 1
gif 1
pdf 1

Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file=image006.png type=png
Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file=image007.png type=png
Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file=image009.gif type=gif
Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file=image010.gif type=gif
Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file=image011.gif type=gif
Jun 7 00:50:15 lrdna0n2xepmx10 s=1mb0nj7xyk m=1 mod=mail cmd=attachment file="loan repayment.pdf" type=pdf