Hi all, I encounter with problem about zimbra mail log. When a user send email, zimbra create 2 log.
First log with some field: email_id, sender, receiver, subject....
Second log with field: email_id, status (ok if email sending successfully, otherwise it will be failed)
I wonder how can I using logstash to combine two log into one using field email_id. Which only 1 log we can follow it easily than now.
Have you looked at the aggregate filter?
I had looked at the aggregate filter but I think aggregate filter is suitable for statistic. Do you have any exp using aggregate to solve my problem, bro?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.