zoukankan      html  css  js  c++  java
  • 通过logstash收集mysql慢查询日志转换为json

    input {
    file {
    type => "mysql-slow"
    path => "/var/log/slow_mysqld.log"
    start_position => "beginning"
    codec => multiline {
    pattern => "^# Time:"
    negate => true
    what => "previous"
    }
    }
    }
    filter {
    grok {
    match => { "message" => "SELECT SLEEP" }
    add_tag => [ "sleep_drop" ]
    tag_on_failure => []
    }
    if "sleep_drop" in [tags] {
    drop {}
    }
    grok {
    match => [ "message", "(?m)^# Time:.*s+# User@Host: %{USER:user}[[^]]+] @ (?:(?<clienthost>S*) )?[(?:%{IP:clientip})?]s*Id: %{NUMBER:id}s+# Query_time: %{NUMBER:query_time}s+Lock_time: %{NUMBER:lock_time}s+Rows_sent: %{NUMBER:rows_sent}s+Rows_examined: %{NUMBER:rows_examined}s*(?:use %{DATA:database};s*)?SET timestamp=%{NUMBER:timestamp};s*(?<query>(?<action>w+)s+.*)$" ]
    }
    grok {
    match => [ "message", "(?m)^# Time: %{GREEDYDATA:Time}s+# User@Host: %{USER:user}[[^]]+] @ (?:(?<clienthost>S*) )?[(?:%{IP:clientip})?]s*Id: %{NUMBER:id}s+# Schema: %{GREEDYDATA:schema}s+# Query_time: %{NUMBER:query_time}s+Lock_time: %{NUMBER:lock_time}s+Rows_sent: %{NUMBER:rows_sent}s+Rows_examined: %{NUMBER:rows_examined}s+Rows_affected: %{NUMBER:Rows_affected}s+# Bytes_sent: %{NUMBER:Bytes_sent}s+SET timestamp=%{NUMBER:sqltimestamp};s*(?<query>(?<action>w+)s+.*)$" ]
    }
    date {
    match => [ "timestamp", "UNIX" ]
    remove_field => [ "timestamp" ]
    }
    }
    output {
         stdout {
     codec => rubydebug {}
    }
    }

     日志格式

    # Time: 2018-11-22T01:58:21.726750Z
    # User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
    # Schema: xxx  Last_errno: 0  Killed: 0
    # Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
    # Bytes_sent: 975
    SET timestamp=1542851901;
    SELECT * FROM `x`  WHERE `xxx`
    # Time: 2018-11-22T01:58:21.726750Z
    # User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
    # Schema: xxx  Last_errno: 0  Killed: 0
    # Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
    # Bytes_sent: 975
    SET timestamp=1542851901;
    SELECT * FROM `x`  WHERE `xxx`
    # Time: 2018-11-22T01:58:21.726750Z
    # User@Host: xxx[xxx] @  [xx.xx.xx.xx]  Id: 23258299
    # Schema: xxx  Last_errno: 0  Killed: 0
    # Query_time: 3.533099  Lock_time: 0.000021  Rows_sent: 2  Rows_examined: 2517002  Rows_affected: 0
    # Bytes_sent: 975
    SET timestamp=1542851901;
    SELECT * FROM `x`  WHERE `xxx`
  • 相关阅读:
    Python爬虫入门教程 59-100 python爬虫高级技术之验证码篇5-极验证识别技术之二
    CouchDB简介
    零成本打造抖音IP,轻松实现月入过万,90%的人都不懂
    couchdb集群搭建
    汽车测评详细操作流程,一篇赚300+
    基于docker部署的微服务架构: docker环境下的zookeeper和kafka部署
    零成本的互联网赚钱项目,都是怎么做的?
    SQuirrel连接hive配置
    本人有8万启动资金,做点什么生意好呢?
    PHP实现自己活了多少岁
  • 原文地址:https://www.cnblogs.com/cp-miao/p/9996409.html
Copyright © 2011-2022 走看看