logstash配置为
请问怎么解决
input {
file {
type => "mysql-slow"
path => "/tmp/slows.log"
codec => multiline {
pattern => "^# Time:"
negate => true
what => "previous"
}
}
}
filter {
if [ type ] == "mysql-slow" {
grok {
match => { "message" => "SELECT SLEEP" }
add_tag => [ "sleep_drop" ]
}
if "sleep_drop" in [tags] {
drop {}
}
grok {
"message" => "(?m)^#\s+Time\s?.*\s+#\s+User@Host:\s+%{USER:user}\[[^\]]+\]\s+@\s+(?:(?<clienthost>\S*) )?\[(?:%{IPV4:clientip})?\]\s+Id:\s+%{NUMBER:row_id:int}\n#\s+Query_time:\s+%{NUMBER:query_time:float}\s+Lock_time:\s+%{NUMBER:lock_time:float}\s+Rows_sent:\s+%{NUMBER:rows_sent:int}\s+Rows_examined:\s+%{NUMBER:rows_examined:int}\n\s*(?:use %{DATA:database};\s*\n)?SET\s+timestamp=%{NUMBER:timestamp};\n\s*(?<sql>(?<action>\w+)([\w.*\W.*])*;)\s*$"
}
}
}请问怎么解决
[尊重社区原创,转载请保留或注明出处]
本文地址:http://elasticsearch.cn/article/13822
本文地址:http://elasticsearch.cn/article/13822
7 个评论
为什么搞了两个gork , 你第一个gork的作用是什么
丢弃select sleep语句
是不是第二个grok写法有问题? 按照第一个grok 用match试试?
这个grok,我在其他机器上测试可以正常解析,在这台机器上就不行。我感到很奇怪
