Multi Document Search in the Same Index

Hi Team,

I am pushing /var/log/maillog to the ELK Stack, version 6.X.

I was able to use the Postfix grok filters available on GitHub and create the indices, documents, fields and so on, and I am also able to see them in Kibana.

I am capturing the header message ID in /var/log/maillog, which is being pushed to ELK.

I want to know, through ELK searches, which message IDs were successfully sent, deferred or soft-bounced.

Here I faced the challenge of writing the search query for the above requirement, as the header message ID is recorded in /var/log/maillog on one line while the delivery status is recorded on a different line.

As per my understanding, each record or each line in the log file is called a document in an index. Correct me if I am wrong.

So, is there a way that would solve my requirement? This has been a great challenge for me for the past few days.

Yes, that's correct 🙂

https://www.elastic.co/guide/en/elasticsearch/reference/7.9/transforms.html should be able to do what you want. Basically, you want to create an entity-centric index, where the entity is the unique Postfix ID.
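The entity-centric correlation described in this reply, shown offline in Python as an added illustration (not code from the thread, the Postfix grok patterns, or Elastic): every maillog line is grouped by its Postfix queue ID, so the cleanup line carrying `message-id=` and the smtp line carrying `status=` land on the same entity regardless of which line arrives first. The sample log lines are constructed, and the regexes assume the standard Postfix syslog layout.

```python
import re
from collections import defaultdict

# Constructed sample lines in /var/log/maillog layout (not taken from the post).
# Note the message-id line for 9F8E7D6C5B arrives AFTER its status line.
SAMPLE_MAILLOG = """\
Nov  3 10:15:01 mx1 postfix/cleanup[1234]: 7A1B2C3D4E: message-id=<abc123@example.com>
Nov  3 10:15:02 mx1 postfix/smtp[1240]: 7A1B2C3D4E: to=<bob@example.net>, relay=mail.example.net[192.0.2.10]:25, delay=0.5, status=sent (250 2.0.0 OK)
Nov  3 10:15:03 mx1 postfix/smtp[1241]: 9F8E7D6C5B: to=<carol@example.org>, relay=none, delay=30, status=deferred (connect to mail.example.org[192.0.2.20]:25: Connection timed out)
Nov  3 10:15:04 mx1 postfix/cleanup[1234]: 9F8E7D6C5B: message-id=<def456@example.com>
Nov  3 10:15:05 mx1 postfix/cleanup[1234]: 0C0FFEE123: message-id=<ghi789@example.com>
Nov  3 10:15:06 mx1 postfix/smtp[1242]: 0C0FFEE123: to=<dave@example.org>, relay=mail.example.org[192.0.2.20]:25, delay=1.2, status=bounced (host said: 550 5.1.1 User unknown)
Nov  3 10:15:07 mx1 postfix/smtpd[1300]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Relay access denied
Nov  3 10:15:08 mx1 postfix/qmgr[1100]: 7A1B2C3D4E: removed
"""

# Queue IDs are hex (short form) or base-62 (long form); NOQUEUE lines have no entity.
QUEUE_LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<queueid>[0-9A-Za-z]+): (?P<rest>.*)$")
MESSAGE_ID = re.compile(r"message-id=<(?P<msgid>[^>]+)>")
STATUS = re.compile(r"\bstatus=(?P<status>\w+)")


def correlate(log_text):
    """Build one entity per queue ID: its header message-id and every status= seen."""
    entities = defaultdict(lambda: {"message_id": None, "statuses": []})
    for line in log_text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m or m.group("queueid") == "NOQUEUE":
            continue
        entity = entities[m.group("queueid")]
        rest = m.group("rest")
        mid = MESSAGE_ID.search(rest)
        if mid:
            entity["message_id"] = mid.group("msgid")
        st = STATUS.search(rest)
        if st:  # one message can have several recipients, hence a list
            entity["statuses"].append(st.group("status"))
    return dict(entities)


def message_ids_with_status(log_text, wanted):
    """Sorted message-ids whose queue entry recorded the given delivery status."""
    return sorted(e["message_id"] for e in correlate(log_text).values()
                  if e["message_id"] and wanted in e["statuses"])
```

A transform pivoting on the queue ID field does the same grouping inside Elasticsearch; keep in mind that Postfix reuses queue IDs once a message is removed, so the entity key should also be bounded in time on a busy server.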

Thank you, Warkolm, for your immediate response. I am new to this concept of transforming data. Let me first study this and come back to you if I have any queries.
