Logstash fields merge

abu.sayeed · February 27, 2018, 11:50am

Two event's of postfix-mail log fields are below.:

source: /var/log/mail.log
postfix_queueid":24C4C681F19
host: mail
program: postfix/amavis/smtp
postfix_to: jhon@gmail.com
time: 10:53:30
postfix_status: sent
postfix_delay: 2.1
postfix_relay_ip: 127.0.0.1
postfix_delay_in_qmgr: 0.01

source: /var/log/mail.log
postfix_queueid: 24C4C681F19
postfix_size: 8209
host: mail
time: 10:53:30
program: postfix/qmgr
postfix_from: salam@gmail.com

But I need a complete information. like from, to, status etc in kibana dashboard.
khsjkd

How can I do it?

I need help.
Thanks.

Brandon_Kobel · March 12, 2018, 2:22pm

Hey @abu.sayeed you can add a Saved Search to your Dashboard that will be very similar to the results that you see in Discover, that will contain the fill source of the documents in Elasticsearch.

system · April 9, 2018, 2:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fields arrange problem Kibana	4	400	April 10, 2018
Problem to copy a field from one event to another event Logstash	3	525	April 9, 2018
Merge two logs from Postfix Logstash	1	788	November 7, 2018
Grouping postfix queueid Kibana	3	2872	February 26, 2017
Merge problem Logstash	1	265	March 27, 2018

Logstash fields merge

Related topics