docker-mailserver/elk/16-amavis.conf


filter {
  # Parse amavis log lines. Only events whose "program" field is exactly
  # "amavis" are run through grok; everything else skips this step.
  if [program] == "amavis" {
    grok {
      # The AMAVIS pattern is not defined in this file; it is looked up in
      # this directory. NOTE(review): presumably it is what produces the
      # amavis_* fields converted below -- confirm against the pattern file.
      patterns_dir   => "/etc/logstash/patterns.d"
      match          => { "message" => "%{AMAVIS}" }
      # Success and failure get distinct tags, so amavis lines the pattern
      # did not match stay identifiable downstream. A rising count of
      # "_grok_amavis_nomatch" means mail-filter events are reaching the
      # index without their parsed fields, i.e. a visibility gap.
      add_tag        => [ "_grok_amavis_success" ]
      tag_on_failure => [ "_grok_amavis_nomatch" ]
    }
  }

  # Type conversions. This mutate sits outside the conditional above, so it
  # is evaluated for every event passing through this filter block, not just
  # amavis ones.
  mutate {
    convert => {
      # integer fields
      "amavis_size"     => "integer"
      "amavis_duration" => "integer"
      # float fields
      "amavis_hits"     => "float"
    }
  }
}