ワンライナー
$ tail -qf access.*.log | ruby -e 'loop { line=STDIN.readline; time=line.scan(/reqtime:([0-9.]+)/)[0][0].to_f; puts line if time >= 1 }'
time:30/Nov/2016:00:55:08 +0900 host:xxx.xxx.xxx.xxx forwardedfor:- req:GET /v1/xxx HTTP/1.1 status:200 size:4968 referer:- ua:Java/1.6.0_31 reqtime:2.532 apptime:2.532 vhost:api.example.com
time:30/Nov/2016:00:56:37 +0900 host:xxx.xxx.xxx.xxx forwardedfor:- req:GET /v1/yyy HTTP/1.1 status:200 size:412 referer:- ua:Java/1.6.0_17 reqtime:3.580 apptime:3.580 vhost:api.example.com
補足
ログの設定は下記の通り。
log_format ltsv "time:$time_local"
"\thost:$remote_addr"
"\tforwardedfor:$http_x_forwarded_for"
"\treq:$request"
"\tstatus:$status"
"\tsize:$body_bytes_sent"
"\treferer:$http_referer"
"\tua:$http_user_agent"
"\treqtime:$request_time"
"\tapptime:$upstream_response_time"
"\tvhost:$host";
- $request_time: クライアントからのリクエスト受信を開始してから、レスポンスを送信しきるまでの時間。
- \$upstream_response_time: upstreamサーバ、例えばproxy_passしてる先のサーバからレスポンスを受け取るまでの時間($request_timeと比べて説明が曖昧)