Ok, just keep it running for a minute or two, stop it with ^C and than see if it created trace.pcap
.
this is the output if i do ^C :
2 packets received by filter
0 packets dropped by kernel
Hmm, only 2 packets. That seems a bit low. What about trace.pcap
, was it created? If yes, please send it to us. (If you cannot upload it here, please email it to tudor@elastic.co).
Where will be that file trace.pcap .. when i stop that, i didn't see any file was created with that name.
Should have been in your current working directory. That's strange, tcpdump should have at least created an empty (24 bytes long actually) file.
If you cannot find it, lets try this test:
-
In one terminal tab, start tcpdump and and leave it running:
tcpdump -i lo -s 0 -w trace.pcap "port 3306"
-
On another terminal tab, start the mysql prompt replacing root with a user you have for mysql:
mysql -h 127.0.0.1 -u root
-
On the mysql prompt to a simple select like:
select 1;
-
Stop tcpdump and check that the
trace.pcap
file was created.
After doing this also i sent you another trace.pacp file to your id.
Ok, first file was empty, second one contain the select 1
as expected.
Just for completeness you can do the same, but instead of tcpdump you can use packetbeat like this:
packetbeat -e -d "publish" -N
It should print a JSON object for that select.
What I suspect is going on is that your application connects to MySQL via the unix sockets rather than the network. The way to force it using the network is usually to tell it to connect to 127.0.0.1
rather than localhost
. What programming lagnuage / stack are you having?
This is the output for that command:
publish.go:221: INFO Dry run mode. All output types except the file based one are disabled.
geolite.go:61: INFO Loaded GeoIP data from: /usr/share/GeoIP/GeoIP.dat
publish.go:267: INFO No shipper name configured, using hostname 'ip-10-150-147-210'
procs.go:88: INFO Process matching enabled
Hmm, did you do the select while packetbeat was running? The trace you sent definitely works on my computer.
In one terminal im running this command :
packetbeat -e -d "publish" -N
In one terminal i started mysql and done select query..
when i did this.. i got output in other terminal where im running the 1st command but i'm not getting anything on dashboard.
.
This is the output where im running the first command:
Im getting this as shown in above screenshot:
mysql.go:563: WARN Response from unknown transaction. Ignoring.
I'm not getting anything on dashboard.
I'm getting everything what im doing in mysql to elasticsearch. But im unable to get it in dashboard.
Ok, cool, so it works fine when using the mysql client. If you remove the -N, i.e. packetbeat -e -d "publish"
, it should also insert into Elasticsearch so you will see the transactions in Kibana.
Thanq very much for the support Tudor... Now everything is working fine and visualization is excellent.
As you said if im starting mysql as shown below im able to see everything..
mysql -h 127.0.0.1 -u root
If im giving normally
mysql -u root
Its not working.
Likewise... how to start PGSQL to get the performance?
Yes, that's because without -h 127..0.0.1
it's using the Unix socket, and we don't support sniffing from that. We need it to use the network (even localhost).
How to start PGSQL ... if im starting normally im unable to view performance in packetbeat... Tell me how to run it..
First you need to make sure you have ssl = false
in your postgressql.conf
. Then restart postgres and start the CLI like this:
psql -h 127.0.0.1 -U psql