zoukankan      html  css  js  c++  java

  • logstash收集MySQL慢查询日志

    #此处以收集mysql慢查询日志为准,根据文件名不同添加不同的字段值
    input {
        file {
        path => "/data/order-slave-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/other-slave-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/order-master-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
    file {
        path => "/data/other-master-slow.log"
        type => "mysql-slow-log"
        start_position => "beginning"
        codec => multiline {
            pattern => "^# User@Host:"
            negate => true
            what => previous
        }
    }
}
filter {
    if [path] =~ "order-slave-slow" { //根据文件内容不同,增加不同的字段
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "other-slave-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "order-master-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
            replace => [ "host" , "%{host}" ]
            add_field => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
            gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ]
        }
    }
    if [path] =~ "other-master-slow" {
        grok {
            match => { "message" => "(?m)^#s+User@Host:s+%{USER:user}[[^]]+]s+@s+(?:(?<clientip>S*) )?[(?:%{IPV4:clientip})?]s+Id:s+%{NUMBER:row_id:int}
#s+Query_time:s+%{NUMBER:Query_time:float}s+Lock_time:s+%{NUMBER:lock_time:float}s+Rows_sent:s+%{NUMBER:Row_sent:int}s+Rows_examined:s+%{NUMBER:Rows_examined:int}
s*(?:use %{DATA:database};s*
)?SETs+timestamp=%{NUMBER:timestamp};
s*(?<sql>(?<action>w+).*;)s*(?:
#s+Time)?.*$" }
            remove_field => [ "message" ]
        }
        mutate {
           #替换原有host字段的值
            replace     => [ "host" , "%{host}" ]
            #新增三个字段
            add_field     => [ "nsCode", "%{nsCode}" ]
            add_field => [ "envCode", "%{envCode}" ]
            add_field => [ "mysqlType", "%{mysqlType}" ]
           //sql字段的值进行切分,"    
# Time: d+s+d+:d+:d+"匹配到的内容替换为空。
           gsub => [ "sql", "
# Time: d+s+d+:d+:d+", "" ] 
        } 
      } 
    }
    //此处输出至redis服务器中
output {
    if [type] == "mysql-slow-log" {
        redis {
            host => "%{ES_SEVER}" //此处指向redis服务器地址
            data_type => "list"
            key => "mysql-slow-log"
        }
    }
}
  • 相关阅读:
    HDU ACM 1071 The area 定积分计算
    Effective C++:条款25:考虑写出一个不抛异常的swap函数
    史上最全站点降权原因解析
    shell脚本中的数学运算
    Spark 1.0.0 横空出世 Spark on Yarn 部署(Hadoop 2.4)
    索尼 LT26I刷机包 X.I.D 增加官方风格 GF A3.9.4 各方面完美
    Swift基础--使用TableViewController自己定义列表
    勒索软件出新招,小心你的隐私和財产安全!
    Http协议具体解释
    Android Studio解决unspecified on project app resolves to an APK archive which is not supported
  • 原文地址:https://www.cnblogs.com/crysmile/p/7070963.html
Copyright © 2011-2022 走看看