Logstash parser

Hi, can someone help me write the parser for the logs below?

Message 335881139 enqueued on incoming connection (ICID 0) from xyz@xyz.com to xyz@xyz.com

Message 335881139 scanned by Malware Protection engine.MALICIOUS.

I have two different logs which say that xyz@xyz.com has sent the malicious mail. Is there any possibility to compare these two logs and get the result that the particular user has sent me the malicious mail? The message ID is common to both logs.

I can write the parser for these logs separately, but I don't know how to compare them and achieve my result.

Please help

You could combine them using an aggregate filter.

Hi, I tried this but I couldn't understand it. Please explain.
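One way the aggregate filter suggested above can join the two log lines on the shared message ID, as an added example that is not part of the original thread. The field names (`mid`, `icid`, `sender`, `recipient`, `verdict`), the tag names and the 600-second timeout are assumptions chosen for illustration.

```logstash
# Added example. The aggregate filter keeps state in memory, so run this
# pipeline with a single worker (pipeline.workers: 1) to preserve event order.
filter {
  grok {
    match => {
      "message" => [
        # "Message <id> enqueued on incoming connection (ICID n) from <a> to <b>"
        "^Message %{INT:mid} enqueued on incoming connection \(ICID %{INT:icid}\) from %{EMAILADDRESS:sender} to %{EMAILADDRESS:recipient}",
        # "Message <id> scanned by Malware Protection engine.MALICIOUS."
        "^Message %{INT:mid} scanned by Malware Protection engine\.\s*%{WORD:verdict}\."
      ]
    }
    tag_on_failure => ["_mail_unparsed"]
  }

  if [sender] {
    # First line of the pair: remember who sent message <mid>.
    aggregate {
      task_id    => "%{mid}"
      code       => "map['sender'] = event.get('sender'); map['recipient'] = event.get('recipient')"
      map_action => "create"
      timeout    => 600   # drop the stored map if no verdict arrives in time
    }
  } else if [verdict] {
    # Second line: copy the stored sender onto the verdict event.
    # With map_action "update" the code is skipped when no map exists for
    # this mid, so [sender] stays unset if the enqueue line was never seen.
    aggregate {
      task_id     => "%{mid}"
      code        => "event.set('sender', map['sender']); event.set('recipient', map['recipient'])"
      map_action  => "update"
      end_of_task => true
    }

    if [verdict] == "MALICIOUS" and [sender] {
      mutate {
        add_tag => ["malicious_sender_identified"]
      }
    }
  }
}
```

The verdict event for message 335881139 then carries `sender`, `recipient` and `verdict` together, so a single query or alert on the tag identifies who sent the malicious mail.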
