标签:lte 排名 size out 传输 null images 慢查询日志 date
一、背景1.MySQL慢查询日志格式:
# Time: 181109 15:04:08
# User@Host: tvpayrcdev[tvpayrcdev] @ [172.16.14.51] Id: 8960747
# Query_time: 35.918265 Lock_time: 0.000141 Rows_sent: 1 Rows_examined: 11699162
SET timestamp=1541747048;
select count(*) from trade_risk_control_record
2.MySQL慢查询日志已通过rsyslog实时传输到logstash作为Indexer的节点。
input部分
input {
file {
type => "logstash-rc-mysql-slow"
path => "/opt/data/logs/localhost-172.16.14.35/db1-slow.log"
codec => multiline {
pattern => "^# Time:"
negate => true
what => "previous"
}
stat_interval => 1
discover_interval => 1
start_position=>"end"
sincedb_path => "/dev/null"
}
}
filter部分
if [type] == "logstash-rc-mysql-slow" {
grok {
patterns_dir => ["/usr/local/logstash/etc/conf.d/patterns/mysql"]
match => { "message" => "%{LONGQUERYLOG}" }
}
date {
match => ["timestamp","UNIX"]
}
mutate {
convert => [ "query_time", "float" ]
convert => [ " lock_time", "float" ]
remove_field => "message"
remove_field => "timestamp"
}
}
output部分
if [type] == "logstash-rc-mysql-slow" {
elasticsearch {
hosts => ["172.16.1.25","172.16.1.26","172.16.1.27"]
index => ‘logstash-mysql_slow_log-%{+YYYY-MM-dd}‘
codec=>plain{charset=>"UTF-8"}
}
}
1.创建索引
2.发现数据
包括字段:
3.绘制visualize
例1:统计数量排名前10的sql语句及对应的查询时间
标签:lte 排名 size out 传输 null images 慢查询日志 date
原文地址:http://blog.51cto.com/fengjicheng/2315179