Hi all. We are facing difficulties, trying to get postfix logs readable in ELK.
-we installed filebeat and set communication with ELK server
-then, configured logstash patterns and configs
-finally we've got logs in kibana discovery fully parsed
But postfix logs came line by line from different services like qmgr, smtpd, amavis, etc. And not all fields are filled in this strings. Doing some filtering we manage to get two different settings, but each of them displayed separately, by switching filter on|off
for example,
filtered log string one: from, -, -, -, -, mesage size
filtered log string two: to,relayhost,relayip,status
Is there a way to combine it all in one, or at least do some smart filter to show only this two strings simultaneously?
Thanks a lot