Learn more »
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Bower components
Debian packages
RPM packages
NuGet packages
require "test_utils"
# Skip until we convert this to use multiline codec
describe "parse mysql slow query log", :if => false do
extend LogStash::RSpec
config <<-'CONFIG'
filter {
grep {
# Drop the '# Time:' lines since they only appear when the 'time'
# changes and are omitted otherwise. Further, there's always (from what
# I have seen) a 'SET timestamp=123456789' line in each query event, so
# I use that as the timestamp instead.
#
# mysql logs are messed up, so this is pretty much best effort.
match => [ "@message", "^# Time: " ]
negate => true
}
grok {
singles => true
pattern => [
"^# User@Host: %{USER:user}\[[^\]]+\] @ %{HOST:host} \[%{IP:ip}?]",
"^# Query_time: %{NUMBER:duration:float} \s*Lock_time: %{NUMBER:lock_wait:float} \s*Rows_sent: %{NUMBER:results:int} \s*Rows_examined: %{NUMBER:scanned:int}",
"^SET timestamp=%{NUMBER:timestamp};"
]
}
multiline {
pattern => "^# User@Host: "
negate => true
what => previous
}
date {
match => ["timestamp", UNIX]
}
mutate {
remove => "timestamp"
}
}
CONFIG
lines = <<-'MYSQL_SLOW_LOGS'
# Time: 121004 6:00:27
# User@Host: someuser[someuser] @ db.example.com [1.2.3.4]
# Query_time: 0.018143 Lock_time: 0.000042 Rows_sent: 237 Rows_examined: 286
use somedb;
SET timestamp=1349355627;
SELECT option_name, option_value FROM wp_options WHERE autoload = 'yes';
MYSQL_SLOW_LOGS
sample lines.split("\n") do
reject { subject }.is_a? Array # 1 event expected
insist { subject.message.split("\n").size } == 5 # 5 lines
lines.split("\n")[1..5].each_with_index do |line, i|
insist { subject.message.split("\n")[i] } == line
end
insist { subject["user"] } == "someuser"
insist { subject["host"] } == "db.example.com"
insist { subject["ip"] } == "1.2.3.4"
insist { subject["duration"] } == 0.018143
insist { subject["lock_wait"] } == 0.000042
insist { subject["results"] } == 237
insist { subject["scanned"] } == 286
end
end