zoukankan      html  css  js  c++  java

  • logstash收集MySQL慢查询日志

    #此处以收集mysql慢查询日志为准,根据文件名不同添加不同的字段值
    input {
        file {
        path => "/data/order-slave-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/other-slave-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/order-master-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/other-master-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
}
filter {
    if [path] =~ "order-slave-slow" { //根据文件内容不同,增加不同的字段
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "other-slave-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "order-master-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "other-master-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
           #替换原有host字段的值
            replace     => [ "host" , "%{host}" ]
            #新增三个字段
            add_field     => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
           //sql字段的值进行切分,"    
# Time: d+s+d+:d+:d+"匹配到的内容替换为空。
           gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ] 
        } 
      } 
    }
    //此处输出至redis服务器中
output {
    if [type] == "mysql-slow-log" {
        redis {
            host => "%{ES_SEVER}" //此处指向redis服务器地址
            data_type => "list"
            key => "mysql-slow-log"
        }
    }
}
  • 相关阅读:
    (七)android开发中两种方式监听短信的原理和实现
    (三)android中Toast的使用
    (二)、Android ListView滑动过程中图片显示重复错位闪烁问题解决
    (一)PagerAdapter、FragmentPagerAdapter、FragmentStatePagerAdapter的区别
    (六)Android中使用CountDownTimer实现倒计时功能
    (五)在android 4.4上设置手机状态栏的背景
    (四)使用PagerSlidingTabStrip和ViewPager实现可左右滑动和点击效果功能
    devexpress表格gridcontrol实现列统计,总计,平均,求和等。
    常用GDB命令行调试命令
    新浪微博SSO授权后回调客户端没有执行sinaweiboDidLogIn&无法返回应用
  • 原文地址:https://www.cnblogs.com/crysmile/p/7070963.html
Copyright © 2011-2022 走看看