[elk@dr-mysql01 mysql]$ cat logstash_mysql.conf
input {
  # Two tailing inputs, one per MySQL instance. The `type` set here is what
  # the output section branches on to choose the Redis list.
  file {
    path  => ["/data01/applog_backup/zjzc_log/zj-mysql01-slowlog.*"]
    type  => "zj_mysql"
    # negate => true with what => "previous": every line that does NOT match
    # the pattern is appended to the preceding event, so one slow-log entry
    # (header lines plus SQL text) becomes one event.
    # NOTE(review): the pattern requires at least one whitespace character
    # before "# User@Host:"; confirm the backed-up logs really carry that
    # leading whitespace, otherwise no line starts a new event.
    codec => multiline {
      what    => "previous"
      negate  => true
      pattern => "^\s+#\s+User@Host:"
    }
  }
  file {
    path  => ["/data01/applog_backup/winfae_log/wj-mysql01-slowlog.*"]
    type  => "wj_mysql"
    # Same multiline grouping as the first input.
    codec => multiline {
      what    => "previous"
      negate  => true
      pattern => "^\s+#\s+User@Host:"
    }
  }
}
# Filter stage: discard "SELECT SLEEP" entries, parse the slow-log header and
# SQL text into fields, then set the event time from the logged timestamp.
filter {
# drop sleep events
# A match only adds the "sleep_drop" tag; the drop itself happens in the
# conditional below.
grok {
match => { "message" => "SELECT SLEEP" }
add_tag => [ "sleep_drop" ]
tag_on_failure => [] # prevent default _grokparsefailure tag on real records
}
if "sleep_drop" in [tags] {
drop {}
}
# Main parse. Fields produced: user, clientip, id, Query_time, lock_time,
# rows_sent, rows_examined, timestamp, query.
# The pattern string contains a literal line break, so the continuation line
# must stay at column 0: any indentation added there becomes part of the regex.
# This grok keeps the default tag_on_failure, so entries that do not match are
# tagged _grokparsefailure and still shipped to the output.
# NOTE(review): `query` holds the raw SQL statement, which can contain literal
# values (credentials, personal data); `user` and `clientip` identify database
# accounts and client hosts. Confirm that who can read the Redis list and the
# downstream store matches the sensitivity of that data.
grok {
match => [ "message","(?m)\s*# User@Host:\s+\S+\[%{USER:user}\]\s+@\s+\[%{IP:clientip}\]\s+(?<id>(\S+\s+)*\S+)\s*#\s+Query_time:\s+%{NUMBER:Query_time}\s+Lock_time: %{NUMBER:lock_time}\s+Rows_sent: %{NUMBER:rows_sent}\s+Rows_examined: %{NUMBER:rows_examined}\s*
\s*SET\s+timestamp=%{NUMBER:timestamp};\s*(?<query>(\s*\S+\s*).*)\s*"
]
}
# Interpret the captured value as a UNIX epoch and use it as the event time
# (the date filter writes to @timestamp when no target is given); the raw
# field is removed only when the parse succeeds.
date {
match => [ "timestamp", "UNIX" ]
remove_field => [ "timestamp" ]
}
}
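output {
  # Route each event to a Redis list named after its source instance.
  # Events whose type is neither value are not sent anywhere by this section.
  #
  # The Redis password is no longer written into this file. REDIS_PASSWORD is a
  # name chosen here: create it in the Logstash keystore
  # (bin/logstash-keystore add REDIS_PASSWORD) or export it in the service
  # environment. Logstash refuses to start if the reference cannot be resolved.
  # The value that was previously hard-coded here has been published with this
  # config and is trivially guessable; rotate it on the Redis server and use a
  # long random secret.
  # NOTE(review): no TLS setting is configured on these outputs, so the
  # password and the slow-query text appear to cross the network in clear text.
  # Confirm what the installed redis output plugin supports, and restrict
  # access to port 6379 on the Redis host to the Logstash shippers and indexers.
  if [type] == "zj_mysql" {
    redis {
      host      => "192.168.32.67"
      port      => 6379
      data_type => "list"
      key       => "zj_mysql:redis"
      password  => "${REDIS_PASSWORD}"
    }
  }
  else if [type] == "wj_mysql" {
    redis {
      host      => "192.168.32.67"
      port      => 6379
      data_type => "list"
      key       => "wj_mysql:redis"
      password  => "${REDIS_PASSWORD}"
    }
  }
}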