Logstash实践之MySQL Slowlog解析
logstash config script
input {
file {
path => ["/apps/svr/logstash/log/slow3306.log3"]
start_position => "beginning"
type => "mysql_slowlog"
}
}
filter {
# I am told that the '# Time: ...' lines in slow query log
# are optional and may not appear, so merge it to the next line.
multiline {
what => next
pattern => "^# Time:"
}
# The next line is always the '# user@host ...' line, so merge
# everything that is not that upwards towards it.
multiline {
what => previous
negate => true
pattern => "^# [A-Za-z0-9_-]+@"
}
}
output {
stdout {
codec => rubydebug
}
elasticsearch {
host => &