capture mysql query response using packetbeat

Question

I have used packetbeat and found it very useful.

But the document does not contain the response received from the server. For e.g. in case of mysql, I have a field num_rows but not the actual data that is returned.

https://www.elastic.co/guide/en/beats/packetbeat/current/exported-fields-mysql.html

I checked the above page and there is no way to enable packets received from port 3306 if mysql.query can be captured, why not mysql.query_response?

Is there any other utility in beats family that can help in this?

I hope you are looking for this https://discuss.elastic.co/t/are-the-mysql-responses-captured-by-packetbeat/47408 ? — Tarun Lalwani, Mar 04 '18 at 05:41
@TarunLalwani Yes. that is correct. Can you post this as answer so that I can accept it? — shantanuo, Mar 05 '18 at 15:41

score 1 · Accepted Answer · answered Mar 05 '18 at 16:14

As discussed in the Elastic search forums

https://discuss.elastic.co/t/are-the-mysql-responses-captured-by-packetbeat/47408

You have to enable send_response: true in mysql protocol section to store query results. You can find all the parameters below

https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-reference-yml.html

capture mysql query response using packetbeat

1 Answers1