Hi everybody,
I am creating filters for monitoring a new server.
I have an amavis log that performs spamassassin tests on email.
The problem is that there are a hundred tests and the tests in the log are never the same.
For example, I can have this:
test1=1, test2=2, test3=3
test2=4, test5=0.1, test10=0.001, test50=2, test48=0.0001
I would like to retrieve the field values. But how could I identify the field values?
I wondered if it was possible to recover the first part of the test (name), then retrieve the second part of the test (value), and finally to use the test name previously recovered as a field name (value)?
It will give something like:
log: test1=0,01
grok: %{DATA:test_name}=%{DATA:$test_name}
I don't know how to do that or even if we can do that.
Thanks and Regards,
Clément ROS
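
Added example, not part of the original post: one way to turn each test name into its own field is to scan the line for name=value pairs instead of writing one fixed pattern per test. The function names, the `sa_` field prefix and the two summary fields are assumptions made for this sketch; the sample lines are the ones quoted in the post.

```python
import re

# One "name=value" pair. Scores can be negative, and the post's sample
# "test1=0,01" uses a decimal comma, so both "." and "," are accepted.
PAIR_RE = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)=(?P<value>-?\d+(?:[.,]\d+)?)"
)

def parse_tests(line, prefix="sa_"):
    """Return {prefix + test_name: score} for every pair found in line.

    The prefix (an assumption of this example) keeps test names taken
    from the log from overwriting fields the event already has.
    """
    fields = {}
    for match in PAIR_RE.finditer(line):
        score = float(match.group("value").replace(",", "."))
        fields[prefix + match.group("name")] = score
    return fields

def to_event(line):
    """Build one event: dynamic per-test fields plus fixed summary fields."""
    fields = parse_tests(line)
    event = dict(fields)
    # Fixed names outside the "sa_" namespace, so no test can shadow them.
    event["tests_count"] = len(fields)
    event["tests_score_sum"] = round(sum(fields.values()), 4)
    return event

# Sample lines copied from the post above.
SAMPLES = [
    "test1=1, test2=2, test3=3",
    "test2=4, test5=0.1, test10=0.001, test50=2, test48=0.0001",
    "test1=0,01",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(to_event(sample))
```

Because the set of tests differs per message, each event carries only the fields for the tests that fired; the two fixed summary fields give something stable to alert or chart on.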