Fields arrange problem

abu.sayeed · March 12, 2018, 5:08am

Two event's of postfix-mail log fields are below.:

Event_1:
source: /var/log/mail.log
postfix_queueid":24C4C681F19
host: mail
program: postfix/amavis/smtp
postfix_to: jhon@gmail.com
time: 10:53:30
postfix_status: sent
postfix_delay: 2.1
postfix_relay_ip: 127.0.0.1
postfix_delay_in_qmgr: 0.01

Event_2:
source: /var/log/mail.log
postfix_queueid: 24C4C681F19
postfix_size: 8209
host: mail
time: 10:53:30
program: postfix/qmgr
postfix_from: salam@gmail.com

But I need a complete information. like from, to, status etc in kibana dashboard.
khsjkd

How can I do it?

I need help.
Thanks.

Brandon_Kobel · March 12, 2018, 2:23pm

Hey @abu.sayeed you can add a Saved Search to your Dashboard that will be very similar to the results that you see in Discover, that will contain the fill source of the documents in Elasticsearch.

abu.sayeed · March 13, 2018, 3:57am

Thanks for reply.

From and To both field are not in same Event.

if I create like the following visualize, its ok.
khsjkd2

But I need it. For this need help.
khsjkd

Thanks

Brandon_Kobel · March 13, 2018, 11:51am

@abu.sayeed if you're trying to display a result and also look up additional information from another document/index, there isn't a built-in way to do this in Kibana. Have you considered denormalizing your data on ingest to lookup the necessary fields so you have everything you need displayed in a single Elasticsearch document?

system · April 10, 2018, 11:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash fields merge Kibana	2	372	April 9, 2018
Problem to copy a field from one event to another event Logstash	3	525	April 9, 2018
Merge two logs from Postfix Logstash	1	788	November 7, 2018
Merge problem Logstash	1	265	March 27, 2018
Grouping postfix queueid Kibana	3	2872	February 26, 2017

Fields arrange problem

Related topics