Mysql-Module Grok-Parsing Error

strowi · March 26, 2018, 8:12am

Hi,

trying to get percona slow-logs into es with the mysql-module. But it seems there is some pattern mismatch?

Version: 6.2.3
Operating System: Ubuntu 16.04.3 LTS
Steps to Reproduce:

filebeat.prospectors:

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

output.elasticsearch:
  hosts: ["es:30092"]
  index: "percona-%{[beat.version]}-%{+yyyy.MM.dd}"

setup:
  template:
    name: "percona-%{[beat.version]}"
    pattern: "percona-%{[beat.version]}-*"

filebeat.modules:
 - module: mysql
   # Error logs
   error:
     enabled: true
     var.paths: [/var/log/mysql/error.log]
   # Slow logs
   slowlog:
     enabled: true
     var.paths: [/var/log/mysql/mysql-slow.log]

error:

||Provided Grok expressions do not match field value: [# Time: 2018-03-26T08:03:59.598547Z]|

message:

@timestamp:
    March 26th 2018, 10:04:06.883
offset:
    6,594
beat.hostname:
    db03
beat.name:
    db03
beat.version:
    6.2.3
prospector.type:
    log
source:
    /var/log/mysql/mysql-slow.log
fileset.module:
    mysql
fileset.name:
    slowlog
fields.env:
    prod2
message:
    # User@Host: root[root] @ localhost [] Id: 37045034 # Schema: Last_errno: 0 Killed: 0 # Query_time: 10.000204 Lock_time: 0.000000 Rows_sent: 1 Rows_examined: 0 Rows_affected: 0 # Bytes_sent: 57 Tmp_tables: 0 Tmp_disk_tables: 0 Tmp_table_sizes: 0 # QC_Hit: No Full_scan: No Full_join: No Tmp_table: No Tmp_table_on_disk: No # Filesort: No Filesort_on_disk: No Merge_passes: 0 # No InnoDB statistics available for this query # Log_slow_rate_type: session Log_slow_rate_limit: 100 SET timestamp=1522051439; select sleep(10);
error.message:
    Provided Grok expressions do not match field value: [# User@Host: root[root] @ localhost [] Id: 37045034\n# Schema: Last_errno: 0 Killed: 0\n# Query_time: 10.000204 Lock_time: 0.000000 Rows_sent: 1 Rows_examined: 0 Rows_affected: 0\n# Bytes_sent: 57 Tmp_tables: 0 Tmp_disk_tables: 0 Tmp_table_sizes: 0\n# QC_Hit: No Full_scan: No Full_join: No Tmp_table: No Tmp_table_on_disk: No\n# Filesort: No Filesort_on_disk: No Merge_passes: 0\n# No InnoDB statistics available for this query\n# Log_slow_rate_type: session Log_slow_rate_limit: 100\nSET timestamp=1522051439;\nselect sleep(10);]
_id:
    Uv9WYWIBCQzjQvHMD8TZ
_type:
    doc
_index:
    percona-6.2.3-2018.03.26
_score:
    -

original log:

# Time: 2018-03-26T08:03:59.598547Z
# User@Host: root[root] @ localhost []  Id: 37045034
# Schema:   Last_errno: 0  Killed: 0
# Query_time: 10.000204  Lock_time: 0.000000  Rows_sent: 1  Rows_examined: 0  Rows_affected: 0
# Bytes_sent: 57  Tmp_tables: 0  Tmp_disk_tables: 0  Tmp_table_sizes: 0
# QC_Hit: No  Full_scan: No  Full_join: No  Tmp_table: No  Tmp_table_on_disk: No
# Filesort: No  Filesort_on_disk: No  Merge_passes: 0
# No InnoDB statistics available for this query
# Log_slow_rate_type: session  Log_slow_rate_limit: 100
SET timestamp=1522051439;
select sleep(10);

regards,
strowi

jsoriano · March 26, 2018, 4:44pm

It seems that percona server provides more information in slow logs, could you please create a new issue in Github to request support for your percona server version in the mysql module?

Thanks!

strowi · March 26, 2018, 5:07pm

Done: https://github.com/elastic/beats/issues/6665

Thx!

system · April 23, 2018, 7:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.