I would like to use Logstash to stream CSV data in email to Elasticsearch. IMAP and CSV filter seems suitable to extract email content and parse the CSV contents respectively. How can I use both filter together to output CSV content to elastics search? Thanks!
{
"date" => "Fri, 17 Dec2021 00:00:00 +0800",
"subject" => "Test CSV inside email content",
"message" => "<CSV data here>",
"from" => "xxx <xxx@xxx>",
"to" => "ttt <ttt@ttt>"
}
The IMAP plugin is an input plugin and the CSV is a filter plugin and the Elasticsearch plugin is an output filter.
Just define each one appropriately and it should work.
input {
imap {
...
}
}
filter {
csv {
...
}
}
output {
elasticsearch {
....
}
Thank you for the response.
After some searching, I find that split filter is also required to split the event to multiple messages for csv filter to process. Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.