How to write compound queries on kibana to search multi records of logs

ShashikanthKomandoor · April 11, 2021, 2:10pm

Hi team,

I am currently sending my MTAs' /var/log/maillog files to a centralized Elastic Stack Log Analyser. I am using Elastic Stack version 7.X.

I have got a requirement to search set of message ids which look like message-id=<20210411134224.6E07810002DB5@mydomain against their delivery status.

This is happening if I take each message-id individually and get its Queue Id in that MTA and check the delivery status against that Queue Id. But this entire process requires 2 queries for each message id.

Is it possible to check the delivery status of the message ids in a given duration of time with one single compound query or any other means?

The requirement for the compound query is in Kibana Discovery, Visualization and Dashboards

matw · April 27, 2021, 8:40am

Hi
This is not possible in a single query in Kibana, but what you could do is using our transform solution, to create a summarized index containing the delivery status of each message id:

Best,
Matthias

system · May 25, 2021, 8:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Obtain Search Results from Multiple Documents of Same Index Elasticsearch	1	321	August 20, 2020
Multi Document Search in the Same Index Elasticsearch	3	388	September 28, 2020
Search related documents in kibana in single query Kibana	5	282	September 17, 2023
Mail log event correlation Kibana	12	747	September 30, 2021
Query script for postfix queue id groupping Kibana	3	575	October 21, 2020

How to write compound queries on kibana to search multi records of logs

Related topics