Count message for user

zeliko79 · March 29, 2018, 7:53am

Hello everyone,
I was able to configure ELK cluster and grok for postfix, now I have a problem in finding information.
For every message sent I have 2 records similar to these:

postfix_queueid, postfix_from
postfix_queueid, postfix_to, postfix_queueid, postfix_status

How can I do to have a single line with:

postfix_queueid, postfix_from, postfix_to, postfix_status

Thank you

Badger · March 30, 2018, 5:15pm

An aggregate filter might work. Can you give actual examples of the events?

Topic		Replies	Views
Query group by postifx Logstash	2	313	April 24, 2018
Grouping postfix queueid Kibana	3	2956	February 26, 2017
Filebeat multiline by Queue ID Beats filebeat	11	3738	July 5, 2017
Monitoring the logstash postfix queue Logstash	1	573	September 8, 2021
Logstash join (aggregate?) two aggregated maps (postfix) Logstash	4	624	January 21, 2022

Count message for user

Related topics