Unable to get mysql performance in packetbeat

Ok, just keep it running for a minute or two, stop it with ^C and than see if it created trace.pcap.

this is the output if i do ^C :

2 packets received by filter
0 packets dropped by kernel

Hmm, only 2 packets. That seems a bit low. What about trace.pcap, was it created? If yes, please send it to us. (If you cannot upload it here, please email it to tudor@elastic.co).

Where will be that file trace.pcap .. when i stop that, i didn't see any file was created with that name.

Should have been in your current working directory. That's strange, tcpdump should have at least created an empty (24 bytes long actually) file.

If you cannot find it, lets try this test:

  • In one terminal tab, start tcpdump and and leave it running:

       tcpdump -i lo -s 0 -w trace.pcap "port 3306"
    
  • On another terminal tab, start the mysql prompt replacing root with a user you have for mysql:

      mysql -h 127.0.0.1 -u root
    
  • On the mysql prompt to a simple select like:

      select 1;
    
  • Stop tcpdump and check that the trace.pcap file was created.

After doing this also i sent you another trace.pacp file to your id.

Ok, first file was empty, second one contain the select 1 as expected.

Just for completeness you can do the same, but instead of tcpdump you can use packetbeat like this:

packetbeat -e -d "publish" -N

It should print a JSON object for that select.

What I suspect is going on is that your application connects to MySQL via the unix sockets rather than the network. The way to force it using the network is usually to tell it to connect to 127.0.0.1 rather than localhost. What programming lagnuage / stack are you having?

This is the output for that command:

publish.go:221: INFO Dry run mode. All output types except the file based one are disabled.
geolite.go:61: INFO Loaded GeoIP data from: /usr/share/GeoIP/GeoIP.dat
publish.go:267: INFO No shipper name configured, using hostname 'ip-10-150-147-210'
procs.go:88: INFO Process matching enabled

Hmm, did you do the select while packetbeat was running? The trace you sent definitely works on my computer.

1 Like

In one terminal im running this command :
packetbeat -e -d "publish" -N
In one terminal i started mysql and done select query..
when i did this.. i got output in other terminal where im running the 1st command but i'm not getting anything on dashboard.
.

This is the output where im running the first command:

Im getting this as shown in above screenshot:
mysql.go:563: WARN Response from unknown transaction. Ignoring.

I'm not getting anything on dashboard.

I'm getting everything what im doing in mysql to elasticsearch. But im unable to get it in dashboard.

Ok, cool, so it works fine when using the mysql client. If you remove the -N, i.e. packetbeat -e -d "publish", it should also insert into Elasticsearch so you will see the transactions in Kibana.

1 Like

Thanq very much for the support Tudor... Now everything is working fine and visualization is excellent.

1 Like

As you said if im starting mysql as shown below im able to see everything..

mysql -h 127.0.0.1 -u root

If im giving normally

mysql -u root

Its not working.

Likewise... how to start PGSQL to get the performance?

Yes, that's because without -h 127..0.0.1 it's using the Unix socket, and we don't support sniffing from that. We need it to use the network (even localhost).

2 Likes

How to start PGSQL ... if im starting normally im unable to view performance in packetbeat... Tell me how to run it..

First you need to make sure you have ssl = false in your postgressql.conf. Then restart postgres and start the CLI like this:

 psql -h 127.0.0.1 -U psql
2 Likes