標籤:elk
介紹通過利用filebeat來收集mysql的慢查詢日誌,logstash解析後推送到elasticsearch,並建立自訂的索引,最終通過kibana進行web展示。
環境介紹:
作業系統版本:CentOS Linux release 7.3.1611 (Core) 64bit
Mysql版本: 5.6.28
Logstash版本: logstash 5.3.0
Elasticsearch版本:elasticsearch 5.3.0
Kibana版本:Kibana 5.3.0
Java版本:1.8.0_121
Mysql版本: 5.6.28及mysql慢日誌
[bash]# Time: 170420 1:41:04# [email protected]: root[root] @ [192.168.1.178] Id: 2238895756# Query_time: 3.887598 Lock_time: 0.000099 Rows_sent: 19 Rows_examined: 19SET timestamp=1492623664;select * from users_test;# [email protected]: root[root] @ [192.168.1.178] Id: 2238895828# Query_time: 3.161184 Lock_time: 0.000150 Rows_sent: 28 Rows_examined: 28SET timestamp=1492623664;select * from users_test;# Time: 170420 1:41:12[/bash]
filebeat及logstash配置
filebeat.yml設定檔
[bash]filebeat:prospectors:-paths:- /data/mysql/xxx-slow.logdocument_type: mysqlslowmultiline:pattern: "^# [email protected]: "negate: truematch: afterregistry_file: /var/lib/filebeat/registryoutput:logstash:hosts: ["192.168.1.63:5044"][/bash]
logstash.conf
[bash]input {beats {port => 5044}}filter {grok {match => [ "message", "(?m)^# [email protected]: %{USER:query_user}\[[^\]]+\] @ (?:(?<query_host>\S*) )?\[(?:%{IP:query_ip})?\]\s*Id: %{NUMBER:id:int}\s+# Query_time: %{NUMBER:query_time:float}\s+Lock_time: %{NUMBER:lock_time:float}\s+Rows_sent: %{NUMBER:rows_sent:int}\s+Rows_examined: %{NUMBER:rows_examined:int}\s*(?:use %{DATA:database};\s*)?SET timestamp=%{NUMBER:timestamp};\s*(?<query>(?<action>\w+)\s+.*)" ]}grok {match => { "message" => "# Time: " }add_tag => [ "drop" ]tag_on_failure =>[]}if "drop" in [tags] {drop {}}date {match => [ "timestamp", "UNIX", "YYYY-MM-dd HH:mm:ss"]remove_field => [ "timestamp" ]}}output {elasticsearch {hosts => "192.168.1.63:9200"manage_template => falseindex => "%{[@metadata][beat]}-%{[type]}-%{+YYYY.MM.dd}"document_type => "%{[@metadata][type]}"}}[/bash]
kibana日誌輸出展示
650) this.width=650;" class="size-large wp-image-1158" src="https://www.olinux.org.cn/wp-content/uploads/2017/04/QQ%E6%88%AA%E5%9B%BE20170420135345-1024x459.jpg" alt="mysql慢日誌kibana展示" width="1024" height="459" style="height:auto;vertical-align:middle;border:0px;margin:0px;" />
mysql慢日誌kibana展示
650) this.width=650;" class="wp-image-1159 size-large" src="https://www.olinux.org.cn/wp-content/uploads/2017/04/QQ%E5%9B%BE%E7%89%8720170420135617-1024x643.png" alt="mysql慢日誌kibana展示" width="1024" height="643" style="height:auto;vertical-align:middle;border:0px;margin:0px;" />
mysql慢日誌kibana展示
本文出自 “olinux營運瑣事” 部落格,請務必保留此出處http://93489.blog.51cto.com/83489/1917982
利用filebeat推送mysql慢查詢日誌
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
