dhsathiya

fields @timestamp, @message
| parse @message '*Query_time: * Lock_time: * Rows_sent: * Rows_examined: *\n*' as host, query_time, lock_time, rows_sent, rows_examined, query
| sort query_time desc
| limit 100

dhsathiya

useful command for debugging.

tail -f <filename>
tail -f -n <number-of-tailing-lines> <filename>

#example to tail from last 1000 files
tail -f -n 1000 <filename>