Works Fine for Me too ! @Badger beat me to it!
test file
# Time: 2022-02-21T21:06:30.359422Z\n# User@Host: backoffice[backoffice] @ [10.27.10.23] Id: 5373\n# Query_time: 13.690075 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 189879\nSET timestamp=1645477590;\ncall sp_execute_sql_on_server('select s.id,\r\ns.channel,\r\ns.capture_type,\r\ns.ruc,\r\ns.commerce_id,\r\nc.`name` as commerce_name, \r\nIF(s.id_procesador IS NULL OR s.id_procesador = '''',s.transaction_id, s.id_procesador) as transaction_id,\r\ns.id_resolutor,\r\ns.id_procesador,\r\ns.trx_date,\r\ns.registerFrequent,\r\ns.useFrequent,\r\ns.po_number,\r\ns.po_ext_number,\r\ns.shop_po_number,\r\ns.global_po_number,\r\ns.currency,\r\ns.order_amount, \r\ns.auth_payment,\r\ns.settled_amount,\r\ns.bin,\r\ns.pan,\r\ns.panEnc,\r\ns.expEnc,\r\ns.cardholder,\r\ns.cardholder_email,\r\ns.sub_product,\r\ns.state,\r\ns.action_code,\r\ns.authorization_code,\r\n(select IF(e.message IS NULL, s.authorization_message, e.message) from bo_error_messages e where s.action_code = CONVERT( e.`code` USING UTF8)) AS authorization_message,\r\ns.authorization_date,\r\ns.annulation_trace,\r\ns.annulation_date,\r\ns.annulation_reason,\r\ns.cavv,\r\ns.eci,\r\ns.xid,\r\ns.cavv_response,\r\ns.cvv2_response,\r\ns.verification_code,\r\nc.mcc,\r\ns.bank,\r\ns.entity_id,\r\ns.pago_link_id,\r\ns.billing_address,\r\ns.aditionalFieldType,\r\ns.confirmation_date,\r\ns.countable,\r\ns.acquirer,\r\ns.brand,\r\ns.expiration_date,\r\ndccIndicator,\r\ndccEligibilityCode,\r\ndccCurrencyCode,\r\ndccCurrencyCodeAlpha,\r\ndccAmount,\r\ndccExponent,\r\ndccExchangeRate,\r\ndccWholeSaleRate,\r\ndccMarkup,\r\ndccRateSource,\r\ndccRateDateTime,\r\nquotaNumber,\r\nquotaAmount,\r\nquotaDeferred,\r\nnoInterestProgram,\r\nnoInterestType,\r\nnoInterestAmount,\r\nnoInterestDiscount,\r\nnoInterestMessage,\r\nsignature,\r\nts.`user` as user,\r\nts.`name` as name,\r\nts.`lastName` as lastName,\r\ns.vaultBlock,\r\ns.additionalData,\r\n(select bi.binType from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `binType`,\r\n(select bi.issuerId from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `emisor` \r\nFROM bo_sales s FORCE INDEX (SALES_IX_004)\r\nLEFT JOIN bo_commerce c ON CAST(s.commerce_id AS CHAR) = c.`commerce_code` \r\nLEFT JOIN bo_telepago_sales ts ON s.`id` = ts.`idSale` \r\nWHERE s.state NOT IN (''Verified'',''Verified/Not Voided'',''Not Verified'') \r\nand s.commerce_id = CONVERT(650182975, UNSIGNED) and DATE(s.trx_date) >= STR_TO_DATE(''20/02/2022'',''%d/%m/%Y'') and DATE(s.trx_date) <= STR_TO_DATE(''21/02/2022'',''%d/%m/%Y'') and s.order_amount = 514.06 order by s.trx_date DESC LIMIT 0, 10');"
# Time: 2022-02-21T21:06:31.359422Z\n# User@Host: backoffice[backoffice] @ [10.27.10.23] Id: 5373\n# Query_time: 13.690075 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 189879\nSET timestamp=1645477590;\ncall sp_execute_sql_on_server('select s.id,\r\ns.channel,\r\ns.capture_type,\r\ns.ruc,\r\ns.commerce_id,\r\nc.`name` as commerce_name, \r\nIF(s.id_procesador IS NULL OR s.id_procesador = '''',s.transaction_id, s.id_procesador) as transaction_id,\r\ns.id_resolutor,\r\ns.id_procesador,\r\ns.trx_date,\r\ns.registerFrequent,\r\ns.useFrequent,\r\ns.po_number,\r\ns.po_ext_number,\r\ns.shop_po_number,\r\ns.global_po_number,\r\ns.currency,\r\ns.order_amount, \r\ns.auth_payment,\r\ns.settled_amount,\r\ns.bin,\r\ns.pan,\r\ns.panEnc,\r\ns.expEnc,\r\ns.cardholder,\r\ns.cardholder_email,\r\ns.sub_product,\r\ns.state,\r\ns.action_code,\r\ns.authorization_code,\r\n(select IF(e.message IS NULL, s.authorization_message, e.message) from bo_error_messages e where s.action_code = CONVERT( e.`code` USING UTF8)) AS authorization_message,\r\ns.authorization_date,\r\ns.annulation_trace,\r\ns.annulation_date,\r\ns.annulation_reason,\r\ns.cavv,\r\ns.eci,\r\ns.xid,\r\ns.cavv_response,\r\ns.cvv2_response,\r\ns.verification_code,\r\nc.mcc,\r\ns.bank,\r\ns.entity_id,\r\ns.pago_link_id,\r\ns.billing_address,\r\ns.aditionalFieldType,\r\ns.confirmation_date,\r\ns.countable,\r\ns.acquirer,\r\ns.brand,\r\ns.expiration_date,\r\ndccIndicator,\r\ndccEligibilityCode,\r\ndccCurrencyCode,\r\ndccCurrencyCodeAlpha,\r\ndccAmount,\r\ndccExponent,\r\ndccExchangeRate,\r\ndccWholeSaleRate,\r\ndccMarkup,\r\ndccRateSource,\r\ndccRateDateTime,\r\nquotaNumber,\r\nquotaAmount,\r\nquotaDeferred,\r\nnoInterestProgram,\r\nnoInterestType,\r\nnoInterestAmount,\r\nnoInterestDiscount,\r\nnoInterestMessage,\r\nsignature,\r\nts.`user` as user,\r\nts.`name` as name,\r\nts.`lastName` as lastName,\r\ns.vaultBlock,\r\ns.additionalData,\r\n(select bi.binType from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `binType`,\r\n(select bi.issuerId from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `emisor` \r\nFROM bo_sales s FORCE INDEX (SALES_IX_004)\r\nLEFT JOIN bo_commerce c ON CAST(s.commerce_id AS CHAR) = c.`commerce_code` \r\nLEFT JOIN bo_telepago_sales ts ON s.`id` = ts.`idSale` \r\nWHERE s.state NOT IN (''Verified'',''Verified/Not Voided'',''Not Verified'') \r\nand s.commerce_id = CONVERT(650182975, UNSIGNED) and DATE(s.trx_date) >= STR_TO_DATE(''20/02/2022'',''%d/%m/%Y'') and DATE(s.trx_date) <= STR_TO_DATE(''21/02/2022'',''%d/%m/%Y'') and s.order_amount = 514.06 order by s.trx_date DESC LIMIT 0, 10');"
# Time: 2022-02-21T21:06:32.359422Z\n# User@Host: backoffice[backoffice] @ [10.27.10.23] Id: 5373\n# Query_time: 13.690075 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 189879\nSET timestamp=1645477590;\ncall sp_execute_sql_on_server('select s.id,\r\ns.channel,\r\ns.capture_type,\r\ns.ruc,\r\ns.commerce_id,\r\nc.`name` as commerce_name, \r\nIF(s.id_procesador IS NULL OR s.id_procesador = '''',s.transaction_id, s.id_procesador) as transaction_id,\r\ns.id_resolutor,\r\ns.id_procesador,\r\ns.trx_date,\r\ns.registerFrequent,\r\ns.useFrequent,\r\ns.po_number,\r\ns.po_ext_number,\r\ns.shop_po_number,\r\ns.global_po_number,\r\ns.currency,\r\ns.order_amount, \r\ns.auth_payment,\r\ns.settled_amount,\r\ns.bin,\r\ns.pan,\r\ns.panEnc,\r\ns.expEnc,\r\ns.cardholder,\r\ns.cardholder_email,\r\ns.sub_product,\r\ns.state,\r\ns.action_code,\r\ns.authorization_code,\r\n(select IF(e.message IS NULL, s.authorization_message, e.message) from bo_error_messages e where s.action_code = CONVERT( e.`code` USING UTF8)) AS authorization_message,\r\ns.authorization_date,\r\ns.annulation_trace,\r\ns.annulation_date,\r\ns.annulation_reason,\r\ns.cavv,\r\ns.eci,\r\ns.xid,\r\ns.cavv_response,\r\ns.cvv2_response,\r\ns.verification_code,\r\nc.mcc,\r\ns.bank,\r\ns.entity_id,\r\ns.pago_link_id,\r\ns.billing_address,\r\ns.aditionalFieldType,\r\ns.confirmation_date,\r\ns.countable,\r\ns.acquirer,\r\ns.brand,\r\ns.expiration_date,\r\ndccIndicator,\r\ndccEligibilityCode,\r\ndccCurrencyCode,\r\ndccCurrencyCodeAlpha,\r\ndccAmount,\r\ndccExponent,\r\ndccExchangeRate,\r\ndccWholeSaleRate,\r\ndccMarkup,\r\ndccRateSource,\r\ndccRateDateTime,\r\nquotaNumber,\r\nquotaAmount,\r\nquotaDeferred,\r\nnoInterestProgram,\r\nnoInterestType,\r\nnoInterestAmount,\r\nnoInterestDiscount,\r\nnoInterestMessage,\r\nsignature,\r\nts.`user` as user,\r\nts.`name` as name,\r\nts.`lastName` as lastName,\r\ns.vaultBlock,\r\ns.additionalData,\r\n(select bi.binType from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `binType`,\r\n(select bi.issuerId from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `emisor` \r\nFROM bo_sales s FORCE INDEX (SALES_IX_004)\r\nLEFT JOIN bo_commerce c ON CAST(s.commerce_id AS CHAR) = c.`commerce_code` \r\nLEFT JOIN bo_telepago_sales ts ON s.`id` = ts.`idSale` \r\nWHERE s.state NOT IN (''Verified'',''Verified/Not Voided'',''Not Verified'') \r\nand s.commerce_id = CONVERT(650182975, UNSIGNED) and DATE(s.trx_date) >= STR_TO_DATE(''20/02/2022'',''%d/%m/%Y'') and DATE(s.trx_date) <= STR_TO_DATE(''21/02/2022'',''%d/%m/%Y'') and s.order_amount = 514.06 order by s.trx_date DESC LIMIT 0, 10');"
# Time: 2022-02-21T21:06:33.359422Z\n# User@Host: backoffice[backoffice] @ [10.27.10.23] Id: 5373\n# Query_time: 13.690075 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 189879\nSET timestamp=1645477590;\ncall sp_execute_sql_on_server('select s.id,\r\ns.channel,\r\ns.capture_type,\r\ns.ruc,\r\ns.commerce_id,\r\nc.`name` as commerce_name, \r\nIF(s.id_procesador IS NULL OR s.id_procesador = '''',s.transaction_id, s.id_procesador) as transaction_id,\r\ns.id_resolutor,\r\ns.id_procesador,\r\ns.trx_date,\r\ns.registerFrequent,\r\ns.useFrequent,\r\ns.po_number,\r\ns.po_ext_number,\r\ns.shop_po_number,\r\ns.global_po_number,\r\ns.currency,\r\ns.order_amount, \r\ns.auth_payment,\r\ns.settled_amount,\r\ns.bin,\r\ns.pan,\r\ns.panEnc,\r\ns.expEnc,\r\ns.cardholder,\r\ns.cardholder_email,\r\ns.sub_product,\r\ns.state,\r\ns.action_code,\r\ns.authorization_code,\r\n(select IF(e.message IS NULL, s.authorization_message, e.message) from bo_error_messages e where s.action_code = CONVERT( e.`code` USING UTF8)) AS authorization_message,\r\ns.authorization_date,\r\ns.annulation_trace,\r\ns.annulation_date,\r\ns.annulation_reason,\r\ns.cavv,\r\ns.eci,\r\ns.xid,\r\ns.cavv_response,\r\ns.cvv2_response,\r\ns.verification_code,\r\nc.mcc,\r\ns.bank,\r\ns.entity_id,\r\ns.pago_link_id,\r\ns.billing_address,\r\ns.aditionalFieldType,\r\ns.confirmation_date,\r\ns.countable,\r\ns.acquirer,\r\ns.brand,\r\ns.expiration_date,\r\ndccIndicator,\r\ndccEligibilityCode,\r\ndccCurrencyCode,\r\ndccCurrencyCodeAlpha,\r\ndccAmount,\r\ndccExponent,\r\ndccExchangeRate,\r\ndccWholeSaleRate,\r\ndccMarkup,\r\ndccRateSource,\r\ndccRateDateTime,\r\nquotaNumber,\r\nquotaAmount,\r\nquotaDeferred,\r\nnoInterestProgram,\r\nnoInterestType,\r\nnoInterestAmount,\r\nnoInterestDiscount,\r\nnoInterestMessage,\r\nsignature,\r\nts.`user` as user,\r\nts.`name` as name,\r\nts.`lastName` as lastName,\r\ns.vaultBlock,\r\ns.additionalData,\r\n(select bi.binType from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `binType`,\r\n(select bi.issuerId from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `emisor` \r\nFROM bo_sales s FORCE INDEX (SALES_IX_004)\r\nLEFT JOIN bo_commerce c ON CAST(s.commerce_id AS CHAR) = c.`commerce_code` \r\nLEFT JOIN bo_telepago_sales ts ON s.`id` = ts.`idSale` \r\nWHERE s.state NOT IN (''Verified'',''Verified/Not Voided'',''Not Verified'') \r\nand s.commerce_id = CONVERT(650182975, UNSIGNED) and DATE(s.trx_date) >= STR_TO_DATE(''20/02/2022'',''%d/%m/%Y'') and DATE(s.trx_date) <= STR_TO_DATE(''21/02/2022'',''%d/%m/%Y'') and s.order_amount = 514.06 order by s.trx_date DESC LIMIT 0, 10');"
test logstash.conf
input {
file {
path => "/Users/sbrown/workspace/sample-data/discuss/slowlog/slowlog.txt"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
grok {
match => { "message" => "# Time: %{TIMESTAMP_ISO8601:aws_mysql.slowquery.date}\\n# User@Host: %{USER:aws_mysql.slowquery.user1}\[%{USER:aws_mysql.slowquery.user2}\] @ \[%{IP:aws_mysql.slowquery.ip:ip}\] Id: %{NUMBER:aws_mysql.slowquery.id:integer}\\n# Query_time: %{BASE16FLOAT:aws_mysql.slowquery.query_time:float} Lock_time: %{BASE16FLOAT:aws_mysql.slowquery.lock_time:float} Rows_sent: %{NUMBER:aws_mysql.slowquery.rows_sent:integer} Rows_examined: %{NUMBER:aws_mysql.slowquery.rows_examined:integer}\\n%{GREEDYDATA:aws_mysql.slowquery.set_timestamp};\\n%{GREEDYDATA:aws_mysql.slowquery.query}" }
}
mutate {
remove_field => [ "message" ]
}
}
output {
stdout {codec => rubydebug}
# elasticsearch {
# hosts => ["localhost:9200"]
# index => "my-discuss-slowlog"
# }
}
output
{
"aws_mysql.slowquery.date" => "2022-02-21T21:06:32.359422Z",
"aws_mysql.slowquery.rows_sent" => "0",
"aws_mysql.slowquery.query_time" => 13.690075,
"aws_mysql.slowquery.query" => "call sp_execute_sql_on_server('select s.id,\\r\\ns.channel,\\r\\ns.capture_type,\\r\\ns.ruc,\\r\\ns.commerce_id,\\r\\nc.`name` as commerce_name, \\r\\nIF(s.id_procesador IS NULL OR s.id_procesador = '''',s.transaction_id, s.id_procesador) as transaction_id,\\r\\ns.id_resolutor,\\r\\ns.id_procesador,\\r\\ns.trx_date,\\r\\ns.registerFrequent,\\r\\ns.useFrequent,\\r\\ns.po_number,\\r\\ns.po_ext_number,\\r\\ns.shop_po_number,\\r\\ns.global_po_number,\\r\\ns.currency,\\r\\ns.order_amount, \\r\\ns.auth_payment,\\r\\ns.settled_amount,\\r\\ns.bin,\\r\\ns.pan,\\r\\ns.panEnc,\\r\\ns.expEnc,\\r\\ns.cardholder,\\r\\ns.cardholder_email,\\r\\ns.sub_product,\\r\\ns.state,\\r\\ns.action_code,\\r\\ns.authorization_code,\\r\\n(select IF(e.message IS NULL, s.authorization_message, e.message) from bo_error_messages e where s.action_code = CONVERT( e.`code` USING UTF8)) AS authorization_message,\\r\\ns.authorization_date,\\r\\ns.annulation_trace,\\r\\ns.annulation_date,\\r\\ns.annulation_reason,\\r\\ns.cavv,\\r\\ns.eci,\\r\\ns.xid,\\r\\ns.cavv_response,\\r\\ns.cvv2_response,\\r\\ns.verification_code,\\r\\nc.mcc,\\r\\ns.bank,\\r\\ns.entity_id,\\r\\ns.pago_link_id,\\r\\ns.billing_address,\\r\\ns.aditionalFieldType,\\r\\ns.confirmation_date,\\r\\ns.countable,\\r\\ns.acquirer,\\r\\ns.brand,\\r\\ns.expiration_date,\\r\\ndccIndicator,\\r\\ndccEligibilityCode,\\r\\ndccCurrencyCode,\\r\\ndccCurrencyCodeAlpha,\\r\\ndccAmount,\\r\\ndccExponent,\\r\\ndccExchangeRate,\\r\\ndccWholeSaleRate,\\r\\ndccMarkup,\\r\\ndccRateSource,\\r\\ndccRateDateTime,\\r\\nquotaNumber,\\r\\nquotaAmount,\\r\\nquotaDeferred,\\r\\nnoInterestProgram,\\r\\nnoInterestType,\\r\\nnoInterestAmount,\\r\\nnoInterestDiscount,\\r\\nnoInterestMessage,\\r\\nsignature,\\r\\nts.`user` as user,\\r\\nts.`name` as name,\\r\\nts.`lastName` as lastName,\\r\\ns.vaultBlock,\\r\\ns.additionalData,\\r\\n(select bi.binType from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `binType`,\\r\\n(select bi.issuerId from ecommerce.Bines bi WHERE s.`bin` = bi.`binNumber`) AS `emisor` \\r\\nFROM bo_sales s FORCE INDEX (SALES_IX_004)\\r\\nLEFT JOIN bo_commerce c ON CAST(s.commerce_id AS CHAR) = c.`commerce_code` \\r\\nLEFT JOIN bo_telepago_sales ts ON s.`id` = ts.`idSale` \\r\\nWHERE s.state NOT IN (''Verified'',''Verified/Not Voided'',''Not Verified'') \\r\\nand s.commerce_id = CONVERT(650182975, UNSIGNED) and DATE(s.trx_date) >= STR_TO_DATE(''20/02/2022'',''%d/%m/%Y'') and DATE(s.trx_date) <= STR_TO_DATE(''21/02/2022'',''%d/%m/%Y'') and s.order_amount = 514.06 order by s.trx_date DESC LIMIT 0, 10');\"",
"aws_mysql.slowquery.user1" => "backoffice",
"host" => "hyperion",
"aws_mysql.slowquery.ip" => "10.27.10.23",
"aws_mysql.slowquery.user2" => "backoffice",
"aws_mysql.slowquery.id" => "5373",
"aws_mysql.slowquery.lock_time" => 0.0,
"aws_mysql.slowquery.set_timestamp" => "SET timestamp=1645477590",
"path" => "/Users/sbrown/workspace/sample-data/discuss/slowlog/slowlog.txt",
"@timestamp" => 2022-02-22T02:11:11.613Z,
"@version" => "1",
"aws_mysql.slowquery.rows_examined" => "189879"
}