elasticsearch,Logstash,Logstash Grok" />
elasticsearch,logstash,logstash-grok,Regex,Nginx,Regex Logstash grok筛选器,用于标记接收和反弹的邮件
Sthg让我抓狂,我想解析Postfix日志以了解电子邮件的状态,以下是我迄今为止所做的尝试:Regex Logstash grok筛选器,用于标记接收和反弹的邮件,regex,nginx,
elasticsearch,logstash,logstash-grok,Regex,Nginx,
input {
file {path => "/var/log/mail.log"}
}
filter {
kv {
trim => "<>"
}
if [message] =~ /[ "status=bounced" ]/ {
grok {
patterns_dir => "/etc/logstash/patterns"
match => {"message" => "%{SYSLOGBASE} (?<QID>[0-9A-F]{10}): %{GREEDYDATA:message}"}
add_tag => "bounce"
}
}
}
output {
if "bounce" in [tags] {
stdout { codec => rubydebug }
}
}
有什么想法吗?我发现了问题 它来自这个测试:
if [message] =~ /[ "bounced" ]/ {
mutate {add_tag => [ "bounce" ]}
}
/if [message] =~ /bounced/ {
mutate {add_tag => [ "bounce" ]}
}
你能添加一个日志的例子吗?@ BUDSP我在问题中添加了日志,问题是ReGEX和过滤器里面的规则,但是我认为你的答案非常的有帮助,谢谢!
if [message] =~ /[ "bounced" ]/ {
mutate {add_tag => [ "bounce" ]}
}
if [message] =~ /bounced/ {
mutate {add_tag => [ "bounce" ]}
}