Logstash Grok筛选器mysql慢查询

Question

我尝试使用grok过滤mysql慢查询。而且我需要得到

• 数据库名称
• 用户
• IP
• Query_time
• 命令

有人帮我吗？

# User@Host: tysa6775_ua_data[tysa6775_ua_data] @ localhost []  Id:   360
# Query_time: 1.627188  Lock_time: 0.000246 Rows_sent: 5566  Rows_examined: 459414
use tysa6775_au_data1;
SET timestamp=1541421036;
select * from table_rating where id_product=1009 order by ngaytao desc;
# User@Host: tysa6775_ua_data[tysa6775_ua_data] @ localhost []  Id:   360
# Query_time: 0.000569  Lock_time: 0.000308 Rows_sent: 0  Rows_examined: 3
SET timestamp=1541421036;
select * from table_hoidap where id_product=1009 order by ngaytao desc;
# User@Host: tysa6775_ua_data[tysa6775_ua_data] @ localhost []  Id:   360
# Query_time: 0.000349  Lock_time: 0.000208 Rows_sent: 0  Rows_examined: 28
SET timestamp=1541421036;
select * from table_product_like where id_product='1009' and ip_nguoilike='5.188.210.8' order by stt,id desc;

Answer 1

由于您要访问的数据分散在日志文件中的多行中，因此您需要使用multiline codec，这将从这些行中产生一个事件。