diff --git a/docker/logstash/patterns/opendmarc b/docker/logstash/patterns/opendmarc
new file mode 100644
index 00000000..cd10ab9d
--- /dev/null
+++ b/docker/logstash/patterns/opendmarc
@@ -0,0 +1,4 @@
+OPENDMARC_RESULT (?:%{QUEUEID:local_queueid}: )%{IP_OR_HOST:domain} %{DATA:dmarc_result}
+OPENDMARC_SPF_RESULT (?:%{QUEUEID:local_queueid}: )SPF\(mailfrom\): %{EMAIL_ADDRESS:from} %{DATA:dmarc_result}
+
+OPENDMARC_MESSAGES (?:(%{OPENDMARC_RESULT}|%{OPENDMARC_SPF_RESULT}))
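Review bot: Both `OPENDMARC_RESULT` and `OPENDMARC_SPF_RESULT` end in `%{DATA:dmarc_result}`, and DATA is the lazy `.*?`, so unless the filter that uses `OPENDMARC_MESSAGES` anchors the expression with `$`, the capture will be empty and the pass/fail verdict never reaches the index. Since that field is what any alert on DMARC or SPF failures would key on, I would end both patterns with `%{GREEDYDATA:dmarc_result}` (or a stricter token such as `%{WORD:dmarc_result}` if the verdict is always a single word). The leading `(?:%{QUEUEID:local_queueid}: )` group is also mandatory as written; if opendmarc lines can arrive without a queue id it needs a trailing `?`, otherwise the non-capturing group can be dropped. `QUEUEID`, `IP_OR_HOST` and `EMAIL_ADDRESS` are not defined in this file, so presumably they come from another patterns file loaded alongside it; worth confirming.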