文章目录
1. 前言
- 1. 前言
- 2. 慢查询配置
- 2.1 MySQL数据库配置
- 2.2 Logstash配置
- 2.3 Filebeat配置
在前面一篇博客《微服务轮子项目(13) - 统一日志中心详解(docker安装部署)》,主要讲解了在Docker下部署ELK,以及各个组件的作用(包括filebeat)。
本文基于上一篇博客的环境下,讲解慢查询SQL如何配置。
2. 慢查询配置 2.1 MySQL数据库配置step1: 修改数据库配置,增加慢sql日志
vim /etc/my.cnf
#是否开启慢查询日志
slow_query_log=ON
#日志存放地址
slow_query_log_file=/var/lib/mysql/mysql-slow.log
#慢查询时间(s),这里为了测试所以设置比较小
long_query_time=0.1
step2: 重启数据库
service mysqld restart
step3:登录数据库查询配置信息是否生效
show VARIABLES like '%slow%';
show VARIABLES like 'long_query_time';
step1:修改10-syslog.conf配置,在filter里增加以下内容
if [fields][docType] == "mysqlslowlogs" {
grok {
match => [
"message", "^#\s+User@Host:\s+%{USER:user}\[[^\]]+\]\s+@\s+(?:(?\S*) )?\[(?:%{IP:clientip})?\]\s+Id:\s+%{NUMBER:id}\n# Query_time: %{NUMBER:query_time}\s+Lock_time: %{NUMBER:lock_time}\s+Rows_sent: %{NUMBER:rows_sent}\s+Rows_examined: %{NUMBER:rows_examined}\nuse\s(?\w+);\nSET\s+timestamp=%{NUMBER:timestamp_mysql};\n(?[\s\S]*)",
"message", "^#\s+User@Host:\s+%{USER:user}\[[^\]]+\]\s+@\s+(?:(?\S*) )?\[(?:%{IP:clientip})?\]\s+Id:\s+%{NUMBER:id}\n# Query_time: %{NUMBER:query_time}\s+Lock_time: %{NUMBER:lock_time}\s+Rows_sent: %{NUMBER:rows_sent}\s+Rows_examined: %{NUMBER:rows_examined}\nSET\s+timestamp=%{NUMBER:timestamp_mysql};\n(?[\s\S]*)",
"message", "^#\s+User@Host:\s+%{USER:user}\[[^\]]+\]\s+@\s+(?:(?\S*) )?\[(?:%{IP:clientip})?\]\n# Query_time: %{NUMBER:query_time}\s+Lock_time: %{NUMBER:lock_time}\s+Rows_sent: %{NUMBER:rows_sent}\s+Rows_examined: %{NUMBER:rows_examined}\nuse\s(?\w+);\nSET\s+timestamp=%{NUMBER:timestamp_mysql};\n(?[\s\S]*)",
"message", "^#\s+User@Host:\s+%{USER:user}\[[^\]]+\]\s+@\s+(?:(?\S*) )?\[(?:%{IP:clientip})?\]\n# Query_time: %{NUMBER:query_time}\s+Lock_time: %{NUMBER:lock_time}\s+Rows_sent: %{NUMBER:rows_sent}\s+Rows_examined: %{NUMBER:rows_examined}\nSET\s+timestamp=%{NUMBER:timestamp_mysql};\n(?[\s\S]*)"
]
}
date {
match => ["timestamp_mysql","yyyy-MM-dd HH:mm:ss.SSS","UNIX"]
}
date {
match => ["timestamp_mysql","yyyy-MM-dd HH:mm:ss.SSS","UNIX"]
target => "timestamp"
}
mutate {
convert => ["query_time", "float"]
convert => ["lock_time", "float"]
convert => ["rows_sent", "integer"]
convert => ["rows_examined", "integer"]
remove_field => "message"
remove_field => "timestamp_mysql"
remove_field => "@version"
}
}
step2: 修改30-output.conf配置,增加以下内容
if [fields][docType] == "mysqlslowlogs" {
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "mysql-slowlog-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
修改配置文件filebeat.yml,在filebeat.inputs 里改为以下内容:
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/lib/mysql/mysql-slow.log
fields:
docType: mysqlslowlogs
exclude_lines: ['^\# Time']
multiline:
pattern: '^\# Time|^\# User'
negate: true
match: after
