-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfilter-50-idomysqlconnection.conf
66 lines (65 loc) · 2.35 KB
/
filter-50-idomysqlconnection.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
filter {
if [icinga][facility] == "IdoMysqlConnection" {
if [message] =~ /^MySQL IDO/ {
grok {
match => ["message","MySQL IDO instance id: %{POSINT:[icinga][dbinstance][id]} \(schema version: '%{DATA:[icinga][dbinstance][schema]}\)"]
id => "icinga_mysqlinstance"
add_tag => "icinga_mysqlinstance"
tag_on_failure => ["_grokparsefailure","icinga_mysqlinstance_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_instance"
}
}
} else if [message] =~ /^Query: UPDATE.+/ {
grok {
match => ["message","Query: %{GREEDYDATA:[icinga][query]}"]
id => "icinga_mysqlupdate"
add_tag => "icinga_mysqlupdate"
tag_on_failure => ["_grokparsefailure","icinga_mysqlupdate_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_update"
}
}
} else if [message] =~ /^Query: INSERT INTO.+/ {
grok {
match => ["message","Query: %{GREEDYDATA:[icinga][query]}"]
id => "icinga_mysqlinsertinto"
add_tag => "icinga_mysqlinsertinto"
tag_on_failure => ["_grokparsefailure","icinga_mysqlinsertinto_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_insert_into"
}
}
} else if [message] =~ /^Query: BEGIN/ {
grok {
match => ["message","Query: %{GREEDYDATA:[icinga][query]}"]
id => "icinga_mysqlbegin"
add_tag => "icinga_mysqlbegin"
tag_on_failure => ["_grokparsefailure","icinga_mysqlbegin_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_begin"
}
}
} else if [message] =~ /^Query: COMMIT/ {
grok {
match => ["message","Query: %{GREEDYDATA:[icinga][query]}"]
id => "icinga_mysqlcommit"
add_tag => "icinga_mysqlcommit"
tag_on_failure => ["_grokparsefailure","icinga_mysqlcommit_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_commit"
}
}
} else if [message] =~ /^Query: DELETE FROM.+/ {
grok {
match => ["message","Query: %{GREEDYDATA:[icinga][query]}"]
id => "icinga_mysqldeletefrom"
add_tag => "icinga_mysqldeletefrom"
tag_on_failure => ["_grokparsefailure","icinga_mysqldeletefrom_failed"]
add_field => {
"[icinga][eventtype]" => "mysql_delete_from"
}
}
}
}
}