Hey,
I created ELK stack, and I saving postfix logs into an index. I created grok patters for mail_from, mail_to and queue_id so I store them in fields. When I'm searching a mail_from or mail_to, I need copy the queue_id and search again. Can I create a query that when I search a mail_from and mail_to then search automatic the queue_id? How?
Thanks!
Hello,
Can you clarify what queries you are running at the moment? And what exactly you are trying to resolve?
I haven't any query yet.
I am searching the best practice for this. Query? Nested fields? I don't know what is the best solution.
I would like grouping logs by queue_id, when I search mail_from and mail_to fields.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.