zoukankan      html  css  js  c++  java

  • 通过logstash收集mysql慢查询日志转换为json

    input {
file {
type => "mysql-slow"
path => "/var/log/slow_mysqld.log"
start_position => "beginning"
codec => multiline {
pattern => "^# Time:"
negate => true
what => "previous"
}
}
}
filter {
grok {
match => { "message" => "SELECT SLEEP" }
add_tag => [ "sleep_drop" ]
tag_on_failure => []
}
if "sleep_drop" in [tags] {
drop {}
}
grok {
match => [ "message", "(?m)^# Time:.*s+# User@Host: %{USER:user}[[^]]+] @ (?:(?<clienthost>S*) )?[(?:%{IP:clientip})?]s*Id: %{NUMBER:id}s+# Query_time: %{NUMBER:query_time}s+Lock_time: %{NUMBER:lock_time}s+Rows_sent: %{NUMBER:rows_sent}s+Rows_examined: %{NUMBER:rows_examined}s*(?:use %{DATA:database};s*)?SET timestamp=%{NUMBER:timestamp};s*(?<query>(?<action>w+)s+.*)$" ]
}
grok {
match => [ "message", "(?m)^# Time: %{GREEDYDATA:Time}s+# User@Host: %{USER:user}[[^]]+] @ (?:(?<clienthost>S*) )?[(?:%{IP:clientip})?]s*Id: %{NUMBER:id}s+# Schema: %{GREEDYDATA:schema}s+# Query_time: %{NUMBER:query_time}s+Lock_time: %{NUMBER:lock_time}s+Rows_sent: %{NUMBER:rows_sent}s+Rows_examined: %{NUMBER:rows_examined}s+Rows_affected: %{NUMBER:Rows_affected}s+# Bytes_sent: %{NUMBER:Bytes_sent}s+SET timestamp=%{NUMBER:sqltimestamp};s*(?<query>(?<action>w+)s+.*)$" ]
}
date {
match => [ "timestamp", "UNIX" ]
remove_field => [ "timestamp" ]
}
}
output {
     stdout {
 codec => rubydebug {}
}
}

     日志格式

    # Time: 2018-11-22T01:58:21.726750Z
# User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
# Schema: xxx  Last_errno: 0  Killed: 0
# Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
# Bytes_sent: 975
SET timestamp=1542851901;
SELECT * FROM `x`  WHERE `xxx`
# Time: 2018-11-22T01:58:21.726750Z
# User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
# Schema: xxx  Last_errno: 0  Killed: 0
# Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
# Bytes_sent: 975
SET timestamp=1542851901;
SELECT * FROM `x`  WHERE `xxx`
# Time: 2018-11-22T01:58:21.726750Z
# User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
# Schema: xxx  Last_errno: 0  Killed: 0
# Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
# Bytes_sent: 975
SET timestamp=1542851901;
SELECT * FROM `x`  WHERE `xxx`
  • 相关阅读:
    Python爬虫入门教程 59-100 python爬虫高级技术之验证码篇5-极验证识别技术之二
    CouchDB简介
    零成本打造抖音IP,轻松实现月入过万,90%的人都不懂
    couchdb集群搭建
    汽车测评详细操作流程,一篇赚300+
    基于docker部署的微服务架构: docker环境下的zookeeper和kafka部署
    零成本的互联网赚钱项目,都是怎么做的?
    SQuirrel连接hive配置
    本人有8万启动资金,做点什么生意好呢?
    PHP实现自己活了多少岁
  • 原文地址:https://www.cnblogs.com/cp-miao/p/9996409.html
Copyright © 2011-2022 走看看