Count message for user

zeliko79 · March 29, 2018, 7:53am

Hello everyone,
I was able to configure ELK cluster and grok for postfix, now I have a problem in finding information.
For every message sent I have 2 records similar to these:

postfix_queueid, postfix_from
postfix_queueid, postfix_to, postfix_queueid, postfix_status

How can I do to have a single line with:

postfix_queueid, postfix_from, postfix_to, postfix_status

Thank you

Badger · March 30, 2018, 5:15pm

An aggregate filter might work. Can you give actual examples of the events?

system · April 27, 2018, 5:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Query group by postifx Logstash	2	293	April 24, 2018
Query script for postfix queue id groupping Kibana	3	575	October 21, 2020
Merge two logs from Postfix Logstash	1	788	November 7, 2018
Grouping postfix queueid Kibana	3	2872	February 26, 2017
Elasticsearch merge two strings Elasticsearch	1	407	August 16, 2018

Count message for user

Related topics