ELK架构监控MySQL慢日志

目录

一、架构概述

二、安装部署

三、Filebeat配置

四、Logstash配置


一、架构概述

本文使用将使用filebeat收集mysql日志信息,发送到redis中缓存,由logstash从redis中取出,发送es中存储,再从kibana中展示。

二、安装部署

ELK各中间件的安装部署参考章节:审计日志>ELK日志收集,此处不再赘述。

三、Filebeat配置

bash 复制代码
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/local/mysql-8.2.0/mysql_slow.log
  scan_frequency: 10s
  multiline.pattern: '^\s*# Time:'
  multiline.negate: true
  multiline.match: after 
 
 
output.redis:
  enabled: true
  hosts: ["192.168.122.227:6379","192.168.122.237:6379","192.168.122.238:6379"]
  key: "uap-mysql-slow-log"
  datatype: list
  password: "Redis@123456" 
  db: 0
  codec: [ json ]
  loadbalance: true
 
logging.level: info
logging.to_files: true
logging.files:
  path: /opt/module/filebeat-8.11.0
  name: filebeat.log

四、Logstash配置

bash 复制代码
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
 
# 从redis里面拿日志数据
input {
  redis {
        batch_count => 1 #返回的事件数量,此属性仅在list模式下起作用。
        data_type => "list" #logstash redis插件工作方式
        key => "ipu-cbs-mysql-slow-log" #监听的键值
        host => "192.168.122.227" #redis地址
        port => 6379 #redis端口号
        password => "Redis@123456" #如果有安全认证,此项为密码
        db => 0 #redis数据库的编号
        threads => 1 #启用线程数量
        tags => ["uap-mysql-slow-log-159"]
 
  }
  redis {
        batch_count => 1 #返回的事件数量,此属性仅在list模式下起作用。
        data_type => "list" #logstash redis插件工作方式
        key => "ipu-cbs-mysql-slow-log" #监听的键值
        host => "192.168.122.237" #redis地址
        port => 6379 #redis端口号
        password => "Redis@123456" #如果有安全认证,此项为密码
        db => 0 #redis数据库的编号
        threads => 1 #启用线程数量
        tags => ["uap-mysql-slow-log-159"]
 
  }
  redis {
        batch_count => 1 #返回的事件数量,此属性仅在list模式下起作用。
        data_type => "list" #logstash redis插件工作方式
        key => "ipu-cbs-mysql-slow-log" #监听的键值
        host => "192.168.122.238" #redis地址
        port => 6379 #redis端口号
        password => "Redis@123456" #如果有安全认证,此项为密码
        db => 0 #redis数据库的编号
        threads => 1 #启用线程数量
        tags => ["uap-mysql-slow-log-159"]
  }
 
}
 
 
filter {
 if "uap-mysql-slow-log-159" in[tags] {
   
     mutate {
       gsub => [
         "message", "# ", "",
         "message", "\n", " ",
         "message", "\s*@\s*", "@"
       ]
     }
 
 
     grok {
        match => { "message" => "Time: %{TIMESTAMP_ISO8601:log_time} User@Host: %{DATA:user_host} Id:\s+%{NUMBER:id:int} Query_time:\s+%{NUMBER:query_time:float}\s+Lock_time:\s+%{NUMBER:lock_time:float}\s+Rows_sent:\s+%{NUMBER:rows_sent:int}\s+Rows_examined:\s+%{NUMBER:rows_examined:int} use\s+%{DATA:database};\s+SET\s+timestamp=%{NUMBER:timestamp}; %{GREEDYDATA:sql}" }
     }
 
     if [sql] {
       grok {
         match => { "sql" => "\/\* %{GREEDYDATA:comment} \*\/ %{GREEDYDATA:slow_sql}" }
       }
     }
 
     if ![slow_sql] {
        mutate {
          add_field => { "slow_sql" => "%{sql}"}
        }
     }
      
    # 将logdate的值赋值给@timestamp
     date {
         match => [ "log_time", "ISO8601" ]
         target => "@timestamp"
         timezone =>"+08:00"
     }
 
    mutate {
      remove_field => ["timestamp","input","ecs","log","@version","agent","comment","event","log_time","sql"]
    }
  }
}
 
output {
 
if "uap-mysql-slow-log-159" in [tags] {
 
   if "tm_aseanbank_tst" in [database]{
     elasticsearch {
       hosts => ["https://192.168.122.118:9200","https://192.168.122.119:9200","https://192.168.122.120:9200"]
       index => "ipu-cbs-mysql-slow-log-test"
       user => "elastic"
       password => "elastic"
       ssl_certificate_verification => true
       truststore => "/opt/module/logstash-8.11.0/config/certs/http.p12"
       truststore_password => "123456"
     }
    
   }else if "tm_aseanbank_dev" in [database] {
     elasticsearch {
       hosts => ["https://192.168.122.118:9200","https://192.168.122.119:9200","https://192.168.122.120:9200"]
       index => "ipu-cbs-mysql-slow-log-dev"
       user => "elastic"
       password => "elastic"
       ssl_certificate_verification => true
       truststore => "/opt/module/logstash-8.11.0/config/certs/http.p12"
       truststore_password => "123456"
     }
   }
 }
}

**注意事项:**上面用的ipu-cbs-mysql-slow-log-dev 和 ipu-cbs-mysql-slow-log-test 两个索引,如果es中没有配置索引缺失自动生成,那么需要手动在es中生成这两个索引,索引的字段没有要求,缺的字段它在存储数据时会自行添加。

相关推荐
ob熔天使——武3 小时前
MySQL
数据库·mysql
brzhang4 小时前
我操,终于有人把 AI 大佬们 PUA 程序员的套路给讲明白了!
前端·后端·架构
静若繁花_jingjing7 小时前
RocketMq部署模式简介
架构·rocketmq
workflower7 小时前
ISO-IEC-IEEE 42010架构规范
开发语言·架构·软件工程·软件需求·敏捷流程
heimeiyingwang7 小时前
架构如传承:技术长河中的可持续乐章
架构
野生技术架构师8 小时前
MySQL数据实时同步到Elasticsearch的高效解决方案
数据库·mysql·elasticsearch
WarPigs10 小时前
游戏框架笔记
笔记·游戏·架构
Swift社区10 小时前
ELK、Loki、Kafka 三种日志告警联动方案全解析(附实战 Demo)
分布式·elk·kafka
Guheyunyi10 小时前
电气安全监测系统:筑牢电气安全防线
大数据·运维·网络·人工智能·安全·架构
鲸鱼146665707541911 小时前
Android数据架构模式:四种主流方案对比
架构