Basically I have an elasticsearch index that contains logs from postfix. I've made a query that gets all documents that contain the value I want, like this:
    GET postfix-logs/_search
    {
      "query": {
        "match_phrase": {
          "postfix_smtp_response": "*said: 550*"
        }
      }
    }
And with that, I want to get the field "postfix_to" that is in the same document, and write it to some type of text file, like CSV or txt.
That writing would be something that runs on a timeline, for example, every 3 days it writes the file.
Thanks in advance.
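One way to do the whole export, as an added example that is not from the original post: the phrase query from the question, narrowed to only return `postfix_to`, a function that pulls the recipients out of the response, and a CSV writer. It assumes the index is called `postfix-logs`, that documents carry an `@timestamp` field for the "last 3 days" window, and that the cluster is reachable over plain HTTP on localhost (all assumptions; adjust for your cluster and its authentication).

```python
import csv
import json
import urllib.request

# Constructed sample of what _search returns, used to exercise the
# parsing code without a live cluster.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_id": "1", "_source": {"postfix_to": "alice@example.com"}},
    {"_id": "2", "_source": {}},  # document without postfix_to is skipped
    {"_id": "3", "_source": {"postfix_to": "bob@example.com"}},
]}}


def build_query(phrase="said: 550", field="postfix_smtp_response", since="now-3d"):
    """Phrase match from the question, restricted to the last interval
    (assumes an @timestamp field) and returning only postfix_to."""
    return {
        "_source": ["postfix_to"],
        "query": {"bool": {
            "must": [{"match_phrase": {field: phrase}}],
            "filter": [{"range": {"@timestamp": {"gte": since}}}],
        }},
    }


def extract_recipients(response):
    """Return the postfix_to value of every hit that has one."""
    return [h["_source"]["postfix_to"] for h in response["hits"]["hits"]
            if "postfix_to" in h.get("_source", {})]


def write_csv(recipients, path):
    """Write one recipient per row with a header; returns the row count."""
    with open(path, "w", newline="") as f:
        writer = csv.writer(f)
        writer.writerow(["postfix_to"])
        writer.writerows([r] for r in recipients)
    return len(recipients)


def fetch(es_url, index="postfix-logs", size=1000):
    """POST the query to the REST API. size caps the hits per call; for
    more than that, page with search_after or the scroll API."""
    req = urllib.request.Request(f"{es_url}/{index}/_search?size={size}",
                                 data=json.dumps(build_query()).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    n = write_csv(extract_recipients(fetch("http://localhost:9200")), "bounces.csv")
    print(f"wrote {n} recipients")
```

For the "every 3 days" part, schedule the script from cron, e.g. `0 2 */3 * * /usr/bin/python3 /path/to/export.py` (cron restarts the `*/3` count each month, so use a systemd timer if the interval must be exact).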