Email formatting for ES with logstash pipline?

Jackson_Pollock · November 6, 2018, 5:41pm

Using the imap plugin and am seeing email come across in a variety of formats, sometimes txt, html, or base64 encoded like:

--000_9DC799C9E1E4436E8FDA8B3339216EB3forescoutcom
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: base64

SSBqdXN0IGRpZCBhIGN1dCBhbmQgcGFzdGUuICBJdCB3b3JrZWQgZmluZSBm
b3IgbWUuDQoNCmo5SjAjaX5WOA0KDQoNCg0KDQoNClRoYW5rcywNCg0KVGVk
DQoNCg0KDQpUZWQgU2xvY2tib3dlciwgQ0lTU1ANClN5c3RlbXMgRW5naW5l
ZXINCkZvcmVTY291dCBUZWNobm9sb2dpZXMNCkNlbGw6ICAgICAgIDIwMS00
NjMtNDA2NA0KT2ZmaWNlOi
...

Does anyone have an example of how to handle this issue? The data needs to go into ES in human readable/searchable form.

thanks

Jackson_Pollock · November 7, 2018, 4:20pm

Seems like no one monitors this site.

magnusbaeck · November 7, 2018, 9:19pm

Seems like no one monitors this site.

Nonsense. People get answers to their questions all the time.

Logstash doesn't have a filter to do what you want so you'd have to write a plugin of your own.

system · December 5, 2018, 9:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.