[packetbeat]The response time collected by packetbeat and the database table information collected by MySQL is incorrect

Elastic Stack Beats
1

As the title,
Among them, the end time is earlier than the start time, and event.duration cannot be captured. and path fetches incorrectly
Publish event is as follows

2021-04-28T14:53:43.296+0800	DEBUG	[processors]	processing/processors.go:203	Publish event: {
  "@timestamp": "2021-04-28T06:53:43.294Z",
  "@metadata": {
    "beat": "packetbeat",
    "type": "_doc",
    "version": "7.12.0"
  },
  "network": {
    "type": "ipv4",
    "transport": "tcp",
    "protocol": "mysql",
    "direction": "ingress",
    "community_id": "1:ySbtBEgtF54EBNkEeeSA7ZUkyD4=",
    "bytes": 4196
  },
  "mysql": {
    "insert_id": 0,
    "num_rows": 11,
    "num_fields": 13,
    "affected_rows": 0
  },
  "destination": {
    "ip": "10.23.23.226",
    "port": 3306,
    "bytes": 3986
  },
  "query": "select\n     \n    id, external_userid, family_id, unionid, create_time, update_time , parent_id,bind_source,bind_project,operator_staff_id\n   \n    from wx_work_student_contact\n    where family_id = 16022072",
  "path": "vk_wechat.wx_work_staff_contact_tag, 上周未完成作业督学.04-03 09:30SLAC-L4-U3-LC1-2, 上周未完成作业督学.04-10 09:30SLAC-L4-U3-LC1-3, 上周未完成作业督学.04-24 09:30SLAC-L4-U4-LC1-2, 个人标签.2.6日4级别外教周一, 课后作业督学.03-27 09:30SLAC-L4-U3-LC1-1, 课后作业督学.04-03 09:30SLAC-L4-U3-LC1-2, 课后作业督学.04-10 09:30SLAC-L4-U3-LC1-3, 课后作业督学.04-17 09:30SLAC-L4-U4-LC1-1, 课后作业督学.04-24 09:30SLAC-L4-U4-LC1-2",
  "type": "mysql",
  "source": {
    "ip": "10.245.67.95",
    "port": 28184,
    "bytes": 210
  },
  "status": "OK",
  "related": {
    "ip": [
      "10.245.67.95",
      "10.23.23.226"
    ]
  },
  "agent": {
    "id": "01957399-2f83-4cb5-8765-f9704ad14785",
    "name": "l-lp-im-mysql0.lp.prod.ali.dm",
    "type": "packetbeat",
    "version": "7.12.0",
    "hostname": "l-lp-im-mysql0.lp.prod.ali.dm",
    "ephemeral_id": "de072258-737f-41f4-bd23-de9ddc96e4a9"
  },
  "host": {
    "name": "l-lp-im-mysql0.lp.prod.ali.dm",
    "hostname": "l-lp-im-mysql0.lp.prod.ali.dm",
    "architecture": "x86_64",
    "os": {
      "kernel": "2.6.32-642.13.1.el6.x86_64",
      "codename": "Final",
      "type": "linux",
      "platform": "centos",
      "version": "6.8 (Final)",
      "family": "redhat",
      "name": "CentOS"
    },
    "containerized": false,
    "ip": [
      "10.23.23.226"
    ],
    "mac": [
      "00:16:3e:0e:3b:b7"
    ]
  },
  "ecs": {
    "version": "1.8.0"
  },
  "method": "SELECT",
  "event": {
    "type": [
      "connection",
      "protocol"
    ],
    "kind": "event",
    "dataset": "mysql",
    "start": "2021-04-28T06:53:43.294Z",
    "end": "2021-04-28T06:53:43.187Z",
    "category": [
      "network_traffic",
      "network"
    ]
  },
  "client": {
    "ip": "10.245.67.95",
    "port": 28184,
    "bytes": 210
  },
  "server": {
    "ip": "10.23.23.226",
    "port": 3306,
    "bytes": 3986
  }
}
2

packetbeat version 7.12
os kernel 2.6.32-642.13.1.el6.x86_64
Part of the debug log output is as follows

2021-04-28T14:53:43.226+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12431
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.226+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.226+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=700137237 pkt.last_seq=700137522 stream.last_seq=700137237 (len=285)
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = Start
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:292	MySQL Header: Packet length 281, Seq 0, Type=3 isClient=true
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:384	Message complete. remaining=0
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=true
2021-04-28T14:53:43.226+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12432
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.226+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.226+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.226+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=3502549329 pkt.last_seq=3502550469 stream.last_seq=3502549329 (len=1140)
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = Start
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:292	MySQL Header: Packet length 1, Seq 1, Type=12 isClient=false
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:322	Query response. Number of fields 12
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:453	db=vk_wechat, table=wx_work_staff_contact
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:415	Received EOF packet
2021-04-28T14:53:43.226+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=false
2021-04-28T14:53:43.266+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12433
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.266+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.266+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=2859005142 pkt.last_seq=2859005510 stream.last_seq=2859005142 (len=368)
2021-04-28T14:53:43.266+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = EatMessage
2021-04-28T14:53:43.266+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=false
2021-04-28T14:53:43.266+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12434
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:353	Ignore empty non-FIN packet
2021-04-28T14:53:43.266+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12435
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.266+0800	DEBUG	[decoder]	decoder/decoder.go:353	Ignore empty non-FIN packet
2021-04-28T14:53:43.267+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12436
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.267+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.267+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=3769230734 pkt.last_seq=3769231080 stream.last_seq=3769230734 (len=346)
2021-04-28T14:53:43.267+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = EatMessage
2021-04-28T14:53:43.267+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=false
2021-04-28T14:53:43.267+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12437
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.267+0800	DEBUG	[decoder]	decoder/decoder.go:353	Ignore empty non-FIN packet
2021-04-28T14:53:43.275+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12438
2021-04-28T14:53:43.275+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.275+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.275+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.275+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.275+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=2859005510 pkt.last_seq=2859006083 stream.last_seq=2859005510 (len=573)
2021-04-28T14:53:43.275+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = EatMessage
2021-04-28T14:53:43.275+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=false
2021-04-28T14:53:43.276+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12439
2021-04-28T14:53:43.276+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.276+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.276+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.276+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.276+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=3769231080 pkt.last_seq=3769231639 stream.last_seq=3769231080 (len=559)
2021-04-28T14:53:43.276+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = EatMessage
2021-04-28T14:53:43.276+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=false
2021-04-28T14:53:43.295+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12440
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.295+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.295+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=3052785153 pkt.last_seq=3052785363 stream.last_seq=3052785153 (len=210)
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = Start
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:292	MySQL Header: Packet length 206, Seq 0, Type=3 isClient=true
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:384	Message complete. remaining=0
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=true
2021-04-28T14:53:43.295+0800	DEBUG	[mysql]	mysql/mysql.go:672	Two requests without a Response. Dropping old request: {}
2021-04-28T14:53:43.295+0800	DEBUG	[sniffer]	sniffer/sniffer.go:209	Packet number: 12441
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:173	decode packet data
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:246	IPv4 packet
2021-04-28T14:53:43.295+0800	DEBUG	[decoder]	decoder/decoder.go:287	TCP packet
2021-04-28T14:53:43.295+0800	DEBUG	[tcp]	tcp/tcp.go:177	tcp flow id: 0x0
2021-04-28T14:53:43.295+0800	DEBUG	[tcp]	tcp/tcp.go:190	pkt.start_seq=1893775115 pkt.last_seq=1893776149 stream.last_seq=1893775115 (len=1034)
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:276	MySQL parser called. parseState = EatRows
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 1, packet number 1
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 81, packet number 2
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 107, packet number 3
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 95, packet number 4
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 91, packet number 5
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 99, packet number 6
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 99, packet number 7
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 95, packet number 8
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 99, packet number 9
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 101, packet number 10
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 111, packet number 11
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:471	Rows: packet length 7, packet number 12
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:481	Received EOF packet
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:596	mysqlMessageParser returned ok=true complete=true
2021-04-28T14:53:43.295+0800	DEBUG	[mysql]	mysql/mysql.go:1030	Data len: 3986
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [Qdef	v]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact id id #B]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact external_userid external_userid ᶂ
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact family_id family_id ?P]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact unionid unionid ች]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact create_time create_time ?
                                                                                                                                                                                    ]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact update_time update_time ?
                                                                                                                                                                                    ]
2021-04-28T14:53:43.295+0800	DEBUG	[mysqldetailed]	mysql/mysql.go:1140	Append row: [def vk_wechat wx_work_student_contact wx_work_student_contact parent_id parent_id ]
3

Has anyone encountered this problem?
I suspect this is related to MySQL's long connection
It may be a bug

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.