How to write compound queries on kibana to search multi records of logs

ShashikanthKomandoor · April 11, 2021, 2:10pm

Hi team,

I am currently sending my MTAs' /var/log/maillog files to a centralized Elastic Stack Log Analyser. I am using Elastic Stack version 7.X.

I have got a requirement to search set of message ids which look like message-id=<20210411134224.6E07810002DB5@mydomain against their delivery status.

This is happening if I take each message-id individually and get its Queue Id in that MTA and check the delivery status against that Queue Id. But this entire process requires 2 queries for each message id.

Is it possible to check the delivery status of the message ids in a given duration of time with one single compound query or any other means?

The requirement for the compound query is in Kibana Discovery, Visualization and Dashboards

matw · April 27, 2021, 8:40am

Hi
This is not possible in a single query in Kibana, but what you could do is using our transform solution, to create a summarized index containing the delivery status of each message id:

Best,
Matthias

system · May 25, 2021, 8:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.