Logstash分析MySQL慢查询日志
input {file {
type => "mysql-slow"
path => "/var/lib/mysql/slow.log"
start_position => beginning
sincedb_write_interval => 0
codec => multiline {
pattern => "^# User@Host:"
negate => true
what => "previous"
}
}
}
filter {
#if =~ "^Tcp" {
# drop {}
#}
#if =~ "^Time" {
# drop {}
#}
#if =~ "^\/usr" {
# drop {}
#}
grok {
match => { "message" => "SELECT SLEEP" }
add_tag => [ "sleep_drop" ]
tag_on_failure => []
}
if "sleep_drop" in {
drop {}
}
grok {
match => { "message" => "(?m)^# User@Host: %{USER:User}\[[^\]]+\] @ (?:(?\S*) )?\[(?:%{IP:Client_IP})?\]\s.*# Query_time: %{NUMBER:Query_Time:float}\s+Lock_time: %{NUMBER:Lock_Time:float}\s+Rows_sent: %{NUMBER:Rows_Sent:int}\s+Rows_examined: %{NUMBER:Rows_Examined:int}\s*(?:use %{DATA:Database};\s*)?SET timestamp=%{NUMBER:timestamp};\s*(?(?\w+)\s+.*)\n# Time:.*$" }
}
date {
match => [ "timestamp", "UNIX" ]
remove_field => [ "timestamp" ]
}
}
output {
redis {
host => "192.168.1.2:6379"
data_type => "list"
key => "logstash:mysql_slow_log"
}
}
页:
[1]