Hi all, I encounter with problem about zimbra mail log. When a user send email, zimbra create 2 log.
First log with some field: email_id, sender, receiver, subject....
Second log with field: email_id, status (ok if email sending successfully, otherwise it will be failed)
I wonder how can I using logstash to combine two log into one using field email_id. Which only 1 log we can follow it easily than now.
Have you looked at the aggregate filter?
I had looked at the aggregate filter but I think aggregate filter is suitable for statistic. Do you have any exp using aggregate to solve my problem, bro?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.