Count message for user

zeliko79 · March 29, 2018, 7:53am

Hello everyone,
I was able to configure ELK cluster and grok for postfix, now I have a problem in finding information.
For every message sent I have 2 records similar to these:

postfix_queueid, postfix_from
postfix_queueid, postfix_to, postfix_queueid, postfix_status

How can I do to have a single line with:

postfix_queueid, postfix_from, postfix_to, postfix_status

Thank you

Badger · March 30, 2018, 5:15pm

An aggregate filter might work. Can you give actual examples of the events?

system · April 27, 2018, 5:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.