ELK分析MySQL慢查询日志并生成图像
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELK分析MySQL慢查询日志并生成图像相关的知识,希望对你有一定的参考价值。
一、背景
1.mysql慢查询日志格式:
# Time: 181109 15:04:08
# [email protected]: tvpayrcdev[tvpayrcdev] @ [172.16.14.51] Id: 8960747
# Query_time: 35.918265 Lock_time: 0.000141 Rows_sent: 1 Rows_examined: 11699162
SET timestamp=1541747048;
select count(*) from trade_risk_control_record2.MySQL慢查询日志已通过rsyslog实时传输到logstash作为Indexer的节点。
二、logstash配置文件
input部分
input {
file {
type => "logstash-rc-mysql-slow"
path => "/opt/data/logs/localhost-172.16.14.35/db1-slow.log"
codec => multiline {
pattern => "^# Time:"
negate => true
what => "previous"
}
stat_interval => 1
discover_interval => 1
start_position=>"end"
sincedb_path => "/dev/null"
}
}filter部分
if [type] == "logstash-rc-mysql-slow" {
grok {
patterns_dir => ["/usr/local/logstash/etc/conf.d/patterns/mysql"]
match => { "message" => "%{LONGQUERYLOG}" }
}
date {
match => ["timestamp","UNIX"]
}
mutate {
convert => [ "query_time", "float" ]
convert => [ " lock_time", "float" ]
remove_field => "message"
remove_field => "timestamp"
}
} output部分
if [type] == "logstash-rc-mysql-slow" {
elasticsearch {
hosts => ["172.16.1.25","172.16.1.26","172.16.1.27"]
index => ‘logstash-mysql_slow_log-%{+YYYY-MM-dd}‘
codec=>plain{charset=>"UTF-8"}
}
}三、kibana展示
1.创建索引
2.发现数据
包括字段:
3.绘制visualize
例1:统计数量排名前10的sql语句及对应的查询时间
以上是关于ELK分析MySQL慢查询日志并生成图像的主要内容,如果未能解决你的问题,请参考以下文章