tjinjin's blog

さらなる高みに1nmずつ近づくブログ

ALBのログをembulkを使ってmysqlに入れる

About

ALBのログを分析したかったので、手軽にできそうなembulkを使ってみました。

環境

pluginはこんな感じです。

$ embulk gem list
2017-07-21 09:46:57.920 +0900: Embulk v0.8.23

*** LOCAL GEMS ***

did_you_mean (default: 1.0.1)
embulk-input-s3 (0.2.11)
embulk-output-mysql (0.7.8)
jar-dependencies (default: 0.3.5)
jruby-openssl (0.9.17 java)
json (1.8.3 java)
minitest (default: 5.4.1)
net-telnet (default: 0.1.1)
power_assert (default: 0.2.3)
psych (2.0.17 java)
racc (1.4.14 java)
rake (default: 10.4.2)
rdoc (default: 4.2.0)
test-unit (default: 3.1.1)

設定ファイル

# s3_to_mysql.yml.liquid
in:
  type: s3
  bucket:  <s3_bucket> # modify
  path_prefix: AWSLogs/<account_id>/elasticloadbalancing/ap-northeast-1/2017/07/20/ #modify
  auth_method: session
  access_key_id: {{ env.AWS_ACCESS_KEY_ID }}
  secret_access_key: {{ env.AWS_SECRET_ACCESS_KEY }}
  session_token: {{ env.AWS_SESSION_TOKEN }}
  parser:
    charset: UTF-8
    newline: LF
    type: csv
    delimiter: ' '
    quote: ""
    trim_if_not_quoted: false
    skip_header_lines: 1
    allow_extra_columns: false
    allow_optional_columns: false
    columns:
    - {name: protocol, type: string}
    - {name: timestamp, type: string}
    - {name: elb, type: string}
    - {name: client_port, type: string}
    - {name: backend_port, type: string}
    - {name: request_processing_time, type: string}
    - {name: backend_processing_time, type: string}
    - {name: response_processing_time, type: string}
    - {name: elb_status_code, type: string}
    - {name: backend_status_code, type: string}
    - {name: received_bytes, type: string}
    - {name: send_bytes, type: string}
    - {name: request, type: string}
    - {name: user_agent, type: string}
    - {name: ssl_cipher, type: string}
    - {name: ssl_protocol, type: string}
    - {name: target_group_arn, type: string}
    - {name: trace_id, type: string}
  decoders:
    - {type: gzip}
out:
  type: mysql
  host: localhost
  user: root
  password: ""
  database: alb_log
  table: alb_log
  mode: replace

あとはmysqlにdatabase作ってembulk run s3_to_mysql.yml.liquid すれば完成です!全部文字列で突っ込んでいるので、time系は型を変えたほうがいいかもしれないです。