Hi,

As a newcomer to Splunk, I have the following IronPort log:

<38>Sep 22 02:15:35 mail_logs: Info: Message finished MID 3035876 done
<38>Sep 22 02:15:35 mail_logs: Info: MID 3035876 quarantined to "Virus" (a/v verdict:VIRAL)
<38>Sep 22 02:15:34 mail_logs: Info: MID 3035877 was generated based on MID 3035876 by antivirus
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 attachment 'Revised=20Order.doc'
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 antivirus positive 'CXmail/RtfObf-D'
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 interim AV verdict using Sophos VIRAL
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 was too big (1456210/1048576) for scanning by CASE
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 matched all recipients for per-recipient policy DEFAULT in the inbound table
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 ready 1456210 bytes from <[email protected]>
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 Subject 'Revised Order 21-09-20'
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 Message-ID '<[email protected]>'
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 DMARC: Verification passed
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 DMARC: Message from domain swiftsecuritas.in, DMARC pass (SPF aligned True, DKIM aligned True)
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 DKIM: pass signature verified (d=swiftsecuritas.in s=73FEA6D0-E5D5-11EA-A7BE-617208D79BCE [email protected])
<38>Sep 22 02:15:13 mail_logs: Info: MID 3035876 SPF: mailfrom identity [email protected] Pass (v=spf1)
<38>Sep 22 02:15:11 mail_logs: Info: MID 3035876 SPF: helo identity [email protected] None
<38>Sep 22 02:15:11 mail_logs: Info: MID 3035876 ICID 1856276 RID 0 To: <[email protected]>
<38>Sep 22 02:15:11 mail_logs: Info: MID 3035876 ICID 1856276 From: <[email protected]>
<38>Sep 22 02:15:11 mail_logs: Info: Start MID 3035876 ICID 1856276

I have extracted the field and I want to create a table to get statistics:

table sender,message_subject,recipient,quarantine_dest,reason,virus_vendor_category

When I try it, I get a table per line. How do I concatenate all the lines to get all the statistics, please?

Rgds
silverem
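The correlation asked for above, merging every mail_logs line that shares a MID into one row, shown as an added example that is not part of the original post. The field names are the ones in the post; the regexes that feed them, the placeholder addresses and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines modelled on the post's log, with placeholder
# addresses (the originals are redacted on the page).
SAMPLE = """\
<38>Sep 22 02:15:35 mail_logs: Info: MID 3035876 quarantined to "Virus" (a/v verdict:VIRAL)
<38>Sep 22 02:15:34 mail_logs: Info: MID 3035877 was generated based on MID 3035876 by antivirus
<38>Sep 22 02:15:32 mail_logs: Info: MID 3035876 antivirus positive 'CXmail/RtfObf-D'
<38>Sep 22 02:15:31 mail_logs: Info: MID 3035876 Subject 'Revised Order 21-09-20'
<38>Sep 22 02:15:11 mail_logs: Info: MID 3035876 ICID 1856276 RID 0 To: <rcpt@example.org>
<38>Sep 22 02:15:11 mail_logs: Info: MID 3035876 ICID 1856276 From: <sender@example.com>
"""

# Field names come from the post; which log text feeds each one is assumed.
PATTERNS = {
    "sender": re.compile(r"From: <([^>]*)>"),
    "recipient": re.compile(r"To: <([^>]*)>"),
    "message_subject": re.compile(r"Subject '(.*)'$"),
    "quarantine_dest": re.compile(r'quarantined to "([^"]*)"'),
    "reason": re.compile(r"\(a/v verdict:(\w+)\)"),
    "virus_vendor_category": re.compile(r"antivirus positive '([^']*)'"),
}
MID_RE = re.compile(r"Info: (?:Start )?MID (\d+)")


def correlate(log_text):
    """Merge all lines sharing a MID into one row: {mid: {field: [values]}}."""
    rows = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        mid = MID_RE.search(line)
        if not mid:
            continue  # no leading MID, e.g. "Message finished MID ... done"
        for field, pattern in PATTERNS.items():
            hit = pattern.search(line)
            # Keep every distinct value: a message can have several recipients.
            if hit and hit.group(1) not in rows[mid.group(1)][field]:
                rows[mid.group(1)][field].append(hit.group(1))
    return {mid: dict(fields) for mid, fields in rows.items()}


def quarantined(rows):
    """Only the messages that ended up in a quarantine."""
    return {m: r for m, r in rows.items() if "quarantine_dest" in r}


if __name__ == "__main__":
    for mid, row in quarantined(correlate(SAMPLE)).items():
        print(mid, row)
```

In Splunk, the same grouping is a `stats values(...) by` on the MID once it is extracted as a field.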