`filter` is the core of the whole MySQL log processing pipeline: it is the stage that extracts information from the raw line and assigns it to the individual fields.
| Item | Comment |
|---|---|
| `filter {` | Delimits the scope in which the processing logic is defined |
| `grok {` | Defines a filter that uses the grok plugin to parse the text and capture information, turning unstructured log text into structured fields |
| `match => ["message",".*"]` | Matches against the hash `{"message" => ".*pattern.*"}` and stores the values captured by the regular expression as fields of the event |
| `date {` | Defines a filter that uses the date plugin to parse a time out of the fields and use that time as the timestamp of the event |
| `match => [ "timestamp", "UNIX" ]` | Takes the time in the `timestamp` field as the event timestamp, interpreting it with the UNIX pattern |
| `#remove_field => [ "timestamp" ]` | Normally an event carries its own timestamp, `@timestamp`, which is the moment Logstash or Beats saw the log line; but the previous step has already assigned the time captured from the log to `@timestamp`, so `timestamp` is now redundant and could be dropped with `remove_field`. I chose to keep it. |
The date filter is especially important for sorting events and for backfilling old data. If you don’t get the date correct in your event, then searching for them later will likely sort out of order. In the absence of this filter, logstash will choose a timestamp based on the first time it sees the event (at input time), if the timestamp is not already set in the event. For example, with file input, the timestamp is set to the time of each read.
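To make concrete what the grok and date stages do to one slow-log entry, and why `@timestamp` ends up as the time the query ran rather than the time Logstash read the line, here is an added Python model of the filter block (example code, not Logstash configuration from the original post). The sample entry, the regular expression standing in for the grok pattern, and the field names are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: one MySQL slow-log entry as it reaches the filter in "message"
# (assumed to have been joined into a single event by a multiline input stage).
SAMPLE_ENTRY = """# Time: 2023-03-01T10:15:30.000000Z
# User@Host: app[app] @ localhost []  Id:    42
# Query_time: 3.250000  Lock_time: 0.000100 Rows_sent: 1  Rows_examined: 50000
SET timestamp=1677665730;
SELECT * FROM orders WHERE status = 'open';"""

# Assumed regex standing in for the grok pattern (the post only shows ".*"):
# each named group becomes an event field, like %{NUMBER:query_time:float} in grok.
SLOW_LOG_RE = re.compile(
    r"^# User@Host: (?P<user>\w+)\[\w*\] @ (?P<host>\S*) \[(?P<ip>[\d.]*)\]\s+Id:\s+(?P<id>\d+)\n"
    r"# Query_time: (?P<query_time>[\d.]+)\s+Lock_time: (?P<lock_time>[\d.]+)\s+"
    r"Rows_sent: (?P<rows_sent>\d+)\s+Rows_examined: (?P<rows_examined>\d+)\n"
    r"SET timestamp=(?P<timestamp>\d+);\n(?P<query>.+)$",
    re.MULTILINE | re.DOTALL,
)

def grok_filter(event):
    """grok stage: copy the captured groups onto the event, or tag the parse failure."""
    m = SLOW_LOG_RE.search(event["message"])
    if m is None:
        event.setdefault("tags", []).append("_grokparsefailure")
        return event
    fields = m.groupdict()
    fields.update({k: float(fields[k]) for k in ("query_time", "lock_time")})
    fields.update({k: int(fields[k]) for k in ("id", "rows_sent", "rows_examined")})
    event.update(fields)
    return event

def date_filter(event, remove_source=False):
    """date stage, UNIX pattern: @timestamp becomes the query time; remove_source models remove_field."""
    if "timestamp" not in event:
        return event  # grok failed, so @timestamp keeps its input-time value
    try:
        event["@timestamp"] = datetime.fromtimestamp(int(event["timestamp"]), tz=timezone.utc)
    except (ValueError, OverflowError):
        event.setdefault("tags", []).append("_dateparsefailure")
        return event
    if remove_source:
        del event["timestamp"]  # the commented-out remove_field => ["timestamp"]
    return event

def process(message, ingest_time=None, remove_source=False):
    """Run the filter block on one entry; ingest_time plays the input-time @timestamp."""
    event = {"message": message, "@timestamp": ingest_time or datetime.now(timezone.utc)}
    return date_filter(grok_filter(event), remove_source)
```

Calling `process(SAMPLE_ENTRY)` yields an event whose `@timestamp` is 2023-03-01T10:15:30Z regardless of when it was ingested, while an entry the pattern does not match keeps the ingest time and is tagged `_grokparsefailure`.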
```conf
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "mysql-slow-log-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
```
This article is a repost; see the original.
If it infringes your rights, contact cloudcommunity@tencent.com to have it removed.