Email formatting for ES with logstash pipline?

Jackson_Pollock · November 6, 2018, 5:41pm

Using the imap plugin and am seeing email come across in a variety of formats, sometimes txt, html, or base64 encoded like:

--000_9DC799C9E1E4436E8FDA8B3339216EB3forescoutcom
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: base64

SSBqdXN0IGRpZCBhIGN1dCBhbmQgcGFzdGUuICBJdCB3b3JrZWQgZmluZSBm
b3IgbWUuDQoNCmo5SjAjaX5WOA0KDQoNCg0KDQoNClRoYW5rcywNCg0KVGVk
DQoNCg0KDQpUZWQgU2xvY2tib3dlciwgQ0lTU1ANClN5c3RlbXMgRW5naW5l
ZXINCkZvcmVTY291dCBUZWNobm9sb2dpZXMNCkNlbGw6ICAgICAgIDIwMS00
NjMtNDA2NA0KT2ZmaWNlOi
...

Does anyone have an example of how to handle this issue? The data needs to go into ES in human readable/searchable form.

thanks

Jackson_Pollock · November 7, 2018, 4:20pm

Seems like no one monitors this site.

magnusbaeck · November 7, 2018, 9:19pm

Seems like no one monitors this site.

Nonsense. People get answers to their questions all the time.

Logstash doesn't have a filter to do what you want so you'd have to write a plugin of your own.

system · December 5, 2018, 9:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash IMAP input unable to parse HTML email Logstash	3	1117	January 16, 2017
Parsing Emails with logstash Logstash	10	3339	May 18, 2018
Logstash errors on imap input multiple languages Logstash	5	852	February 26, 2018
Import Emails into Elasticsearch using Logstash IMAP Input Logstash	1	225	February 22, 2024
How to decode Email Subject using logstash filter? Logstash	2	766	November 23, 2018

Email formatting for ES with logstash pipline?

Related topics