Hello,
I'm trying to filter postfix logs using the grok patterns posted here: https://github.com/whyscream/postfix-grok-patterns
The thing is, its not filtering the postfix logs properly. It is not segregating the message field which contains various fields like FROM, TO , HOST, STATUS, NCRPT , etc.
I'm still using logstash and elastic search, kibana are all latest stable release.
Can any one help?
Sure.
Have you tried testing you parser rules here? http://grokdebug.herokuapp.com/
I created my own patterns for Cyrus, and tested all of them there.
No, but its a general postfix log. There are 100's of lines to be tested with grokdebug parser which I feel extremely difficult.
you dont have to test them all.
just the lines that parses the fields FROM, TO , HOST, STATUS, NCRPT, like you said.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.