一 应用场景描述
在有些情况下,仅仅通过Zabbix去监控MongoDB的端口和各种状态还不够,MongoDB的日志监控也是很重要的。例如Mongos连接后端的Shard报SocketException错误等。
二 使用Logstash分析MongoDB日志
要记录慢查询首先需要开启慢查询记录功能
use jd05;
db.setProfilingLevel(1,50)
{ "was" : 1, "slowms" : 50, "ok" : 1 }
1表示只记录慢查询,慢于50毫秒的操作会被记录
如果写成2就会记录所有的操作,不建议在生产环境中使用,可以在开发环境中使用
db.setProfilingLevel(2)
在MongoDB的日志文件中会记录如下操作信息:
Mon Apr 27 16:45:01.853 [conn282854698] command jd01.$cmd command: { count: "player", query: { request_time: { $gte: 1430123701 } } } ntoreturn:1 keyUpdates:0 numYields: 7 locks(micros) r:640822 reslen:48 340ms
logstash配置文件shipper_mongodb.conf如下
input {
file {
path => "/data/app_data/mongodb/log/*.log"
type => "mongodb"
sincedb_path => "/dev/null"
}
}
filter {
if [type] == "mongodb" {
grok {
match => ["message","(?m)%{GREEDYDATA} \[conn%{NUMBER:mongoConnection}\] %{WORD:mongoCommand} %{WORD:mongoDatabase}.%{NOTSPACE:mongoCollection} %{WORD}: \{ %{GREEDYDATA:mongoStatement} \} %{GREEDYDATA} %{NUMBER:mongoElapsedTime:int}ms"
]
add_tag => "mongodb"
}
grok {
match => ["message"," cursorid:%{NUMBER:mongoCursorId}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," ntoreturn:%{NUMBER:mongoNumberToReturn:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," ntoskip:%{NUMBER:mongoNumberToSkip:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," nscanned:%{NUMBER:mongoNumberScanned:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," scanAndOrder:%{NUMBER:mongoScanAndOrder:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," idhack:%{NUMBER:mongoIdHack:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," nmoved:%{NUMBER:mongoNumberMoved:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," nupdated:%{NUMBER:mongoNumberUpdated:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," keyUpdates:%{NUMBER:mongoKeyUpdates:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," numYields: %{NUMBER:mongoNumYields:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," locks\(micros\) r:%{NUMBER:mongoReadLocks:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," locks\(micros\) w:%{NUMBER:mongoWriteLocks:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," nreturned:%{NUMBER:mongoNumberReturned:int}"]
add_tag => "mongo_profiling_data"
}
grok {
match => ["message"," reslen:%{NUMBER:mongoResultLength:int}"]
add_tag => "mongo_profiling_data"
}
if "mongo_profiling_data" in [tags] {
mutate {
remove_tag => "_grokparsefailure"
}
}
if "_grokparsefailure" in [tags] {
grep {
match => ["message","(Failed|error|SOCKET)"]
add_tag => ["zabbix-sender"]
add_field => [
"zabbix_host","%{host}",
"zabbix_item","mongo.error"
# "send_field","%{message}"
]
}
mutate {
remove_tag => "_grokparsefailure"
}
}
}
}
output {
stdout {
codec => "rubydebug"
}
zabbix {
tags => "zabbix-sender"
host => "zabbixserver"
port => "10051"
zabbix_sender => "/usr/local/zabbix/bin/zabbix_sender"
}
redis {
host => "10.4.29.162"
data_type => "list"
key => "logstash"
}
}
配置文件分为几步:
使用logstash的file插件从/data/app_data/mongodb/log/目录中读取mongodb的日志文件然后对日志内容进行解析
如果日志文件中有类似cursorid,nreturned等关键字的就截取添加标签mongo_profiling_data用于以后进行数据统计
对于其他日志就过滤关键字看是否含有错误信息,如果有就通过zabbix发送报警。
注意使用zabbix插件发送报警的时候需要先进行过滤关键字,然后要有zabbix_host,zabbix_item,zabbix_field三个字段,zabbix_item的值需要和zabbix监控页面配置的item相对应。zabbix_field如果没有指定,默认就是发送这个message字段
添加zabbix的模板
wKiom1U_Lj_CO49uAAKAukHVUAE818.jpg
wKiom1U_LvLwz3KNAAJxMyK0qXM459.jpg
同理可以通过zabbix对PHP-FPM,Nginx,Redis,MySQL等发送报警
然后要做的就是根据不同的字段定义不同的图表
参考文档:
http://techblog.holidaycheck.com/profiling-mongodb-with-logstash-and-kibana/
http://tech.rhealitycheck.com/visualizing-mongodb-profiling-data-using-logstash-and-kibana/
http://www.logstash.net/docs/1.4.2/outputs/zabbix
![main方法为什么要写成:public static void main(String [] args){}?](https://oss.cuixh.com/media/article_img/2020/07/22/java.jpg)
