Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Postfix_logs_format

abusayeed
New Member
‎02-27-2018 08:46 PM

I have sent a mail. And mail server gives me logs like these.

Feb 27 11:30:11 mail postfix/qmgr[8620]: 24C4C681F19: from=kalam@example.com, size=8814, nrcpt=1 (queue active)
Feb 27 11:30:11 mail postfix/amavis/smtp[50690]: 24C4C681F19: to=salam@example.com, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=1.2/0.01/0/0.93, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as F3433681F7C)

I want to build a search based on the from address, but do stats on the status (separate counts for deffered, sent, reject etc.). Anyway I could make splunk realize these two events are related?

Tags (1)
0 Karma
Reply

p_gurav
Champion
‎03-01-2018 02:24 AM

Hi,

This is answer will help you:
https://answers.splunk.com/answers/40922/postfix-logs.html

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...