Hi friends,
I am getting mail servers logs in elk now i want to visualize par day mail counts in graph
but i am confused about that which field should i choose for the counting mails par day incoming and outgoing mails kindly help me for this problem
the count is a top-level aggregation that does not require any additional field parameters. It just counts the documents within a time-frame.
e.g. this just counts the number of documents (in your case, these correspond to emails) by day
