如何使用 Amazon Athena 分析我的应用程序负载均衡器访问日志?
3 分钟阅读
我想使用 Amazon Athena 分析我的应用程序负载均衡器访问日志。
默认情况下,弹性负载均衡不会启用访问日志。当您激活访问日志时,需要指定一个 Amazon Simple Storage Service(Amazon S3)存储桶。Athena 分析应用程序负载均衡器和经典负载均衡器的访问日志,并将日志存储在 Amazon S3 存储桶中。
- 打开 Athena 控制台。
- 要创建数据库,请在查询编辑器中运行以下命令:
**注意:**最佳实践是在与 Amazon S3 存储桶相同的 AWS 区域中创建数据库。CREATE DATABASE alb_db
- 在数据库中,为应用程序负载均衡器日志创建一个 alb_logs 表。
**注意:**在前面的查询中,将表名称和 S3 位置替换为您的表名称和 S3 位置。对于 projection.day.range,将 2022/01/01 替换为开始日期。为了提高查询性能,创建带有分区投影的表。CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs( type string, time string, elb string, client_ip string, client_port int, target_ip string, target_port int, request_processing_time double, target_processing_time double, response_processing_time double, elb_status_code int, target_status_code string, received_bytes bigint, sent_bytes bigint, request_verb string, request_url string, request_proto string, user_agent string, ssl_cipher string, ssl_protocol string, target_group_arn string, trace_id string, domain_name string, chosen_cert_arn string, matched_rule_priority string, request_creation_time string, actions_executed string, redirect_url string, lambda_error_reason string, target_port_list string, target_status_code_list string, classification string, classification_reason string, conn_trace_id string ) PARTITIONED BY(day STRING) ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe' WITH SERDEPROPERTIES( 'serialization.format' = '1', 'input.regex' = '([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) (.*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Z0-9-_]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^ ]*)\" \"([^\s]+?)\" \"([^\s]+)\" \"([^ ]*)\" \"([^ ]*)\" ?([^ ]*)?( .*)?') LOCATION 's3://<your-alb-logs-directory>/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION>/' TBLPROPERTIES( "projection.enabled" = "true", "projection.day.type" = "date", "projection.day.range" = "2022/01/01,NOW", "projection.day.format" = "yyyy/MM/dd", "projection.day.interval" = "1", "projection.day.interval.unit" = "DAYS", "storage.location.template" = "s3://<your-alb-logs-directory>/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION>/${day}" )
- 要使用存储在 AWS Glue Data Catalog 中的分区创建表,请运行以下查询:
**注意:**在前面的查询中,将表名称和 S3 位置替换为您的表名称和 S3 位置。CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs_partitioned(type string, time string, elb string, client_ip string, client_port int, target_ip string, target_port int, request_processing_time double, target_processing_time double, response_processing_time double, elb_status_code int, target_status_code string, received_bytes bigint, sent_bytes bigint, request_verb string, request_url string, request_proto string, user_agent string, ssl_cipher string, ssl_protocol string, target_group_arn string, trace_id string, domain_name string, chosen_cert_arn string, matched_rule_priority string, request_creation_time string, actions_executed string, redirect_url string, lambda_error_reason string, target_port_list string, target_status_code_list string, classification string, classification_reason string, conn_trace_id string ) PARTITIONED BY(day string) ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe' WITH SERDEPROPERTIES( 'serialization.format' = '1', 'input.regex' ='([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) (.*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Z0-9-_]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^ ]*)\" \"([^\s]+?)\" \"([^\s]+)\" \"([^ ]*)\" \"([^ ]*)\" ?([^ ]*)?( .*)?') LOCATION 's3://<your-alb-logs-directory>/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION>/'
- (可选)要加载分区,请运行以下 ALTER TABLE ADD PARTITION DDL 语句:
**注意:**如果您的表使用分区投影,则跳过加载分区步骤。不要在应用程序负载均衡器日志上使用 AWS Glue 爬网程序。ALTER TABLE alb_logs_partitioned ADD PARTITION (day = '2022/05/21') LOCATION's3://<your-alb-logs-directory>/AWSLogs/<ACCOUNT-ID>/elasticloadbalancing/<REGION>/2022/05/21/'
- 在导航窗格的表下,选择预览表。
- 在结果窗口中,查看应用程序负载均衡器访问日志中的数据。
注意:使用查询编辑器对该表运行 SQL 语句。
- AWS 官方已更新 1 年前
- AWS 官方已更新 9 个月前
- AWS 官方已更新 9 个月前
- AWS 官方已更新 4 年前