我是ES和Serilog的新手,但我的搜索还没有产生这个答案。 我试图弄清楚如何使用Serilog以这样的方式向Elasticsearch发送数据:如果数据包含字段(例如,如果它是具有公共属性的对象),则数据显示在ES中,并且这些属性为领域。 到目前为止,我已经得到使用RenderedCompactJsonFormatter和匿名类型来实现这一点(见下文),但仍然产生命名字段,其中字段中的数据是除了“新”部分之外的所有内容。匿名类型声明:
var log = new LoggerConfiguration() .MinimumLevel.Information() .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200/test_srpostimes")) { InlineFields = true, IndexDecider = (@event,offset) => "test_elapsedtimes", CustomFormatter = new RenderedCompactJsonFormatter() }) .WriteTo.Console() .CreateLogger(); var elapsedTime = new {Time = 64}; var timeStamp = new {Timestamp = DateTime.Now}; var transID = new {TransID = "551674"}; log.Information("{timeStamp} {transID} {elapsedTime}", timeStamp, transID, elapsedTime);这会产生:
@t: 2016-07-11T18:45:35.0349343Z @m: "{ Timestamp = 7/11/2016 2:45:35 PM }" "{ TransID = 551674 }" "{ Time = 64 }" @i: b3ee2c05 timeStamp: { Timestamp = 7/11/2016 2:45:35 PM } transID: { TransID = 551674 } elapsedTime: { Time = 64 } _id: AVXbR11WjgSgCs5HSlYY _type: logevent _index: test_srpostimes _score: 1是否有更好的方法可以使用ES(和Kibana)中的字段搜索/可视化我们的数据?
I'm new to ES and Serilog, but my searches haven't produced this answer yet. I am trying to figure out how to use Serilog to send data to Elasticsearch in such a way that, if the data contains fields (for instance, if it's an object that has public properties), the data shows up in ES with those properties as fields. So far, I've gotten as far as using a RenderedCompactJsonFormatter and anonymous types to be able to achieve this mostly (see below), but that still produces named fields where the data in the fields is everything but the "new" part of the anonymous type declaration:
var log = new LoggerConfiguration() .MinimumLevel.Information() .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200/test_srpostimes")) { InlineFields = true, IndexDecider = (@event,offset) => "test_elapsedtimes", CustomFormatter = new RenderedCompactJsonFormatter() }) .WriteTo.Console() .CreateLogger(); var elapsedTime = new {Time = 64}; var timeStamp = new {Timestamp = DateTime.Now}; var transID = new {TransID = "551674"}; log.Information("{timeStamp} {transID} {elapsedTime}", timeStamp, transID, elapsedTime);This produces:
@t: 2016-07-11T18:45:35.0349343Z @m: "{ Timestamp = 7/11/2016 2:45:35 PM }" "{ TransID = 551674 }" "{ Time = 64 }" @i: b3ee2c05 timeStamp: { Timestamp = 7/11/2016 2:45:35 PM } transID: { TransID = 551674 } elapsedTime: { Time = 64 } _id: AVXbR11WjgSgCs5HSlYY _type: logevent _index: test_srpostimes _score: 1Is there a better way to do this so that our data can be searched/visualized using fields in ES (and Kibana)?
最满意答案
我想到了。 我改变了构造以使用ElasticsearchJsonFormatter。 由于记录器似乎能够从消息中解析字段名称,因此我切换到了一个对象并传入了属性:
var log = new LoggerConfiguration() .MinimumLevel.Information() .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200/test_srpostimes")) { IndexDecider = (@event,offset) => "test_elapsedtimes", CustomFormatter = new ElasticsearchJsonFormatter() }) .WriteTo.Console() .CreateLogger(); var elapsedTimeMessage = new ElapsedTimeMessage(DateTime.Now.Millisecond); log.Information("{EventTime} {EventId} {ElapsedTime}", elapsedTimeMessage.EventTime, elapsedTimeMessage.EventId, elapsedTimeMessage.ElapsedTime);这在ES中产生了更可读的输出:
"_source": { "@timestamp": "2016-07-12T09:03:21.5804873-04:00", "level": "Information", "messageTemplate": "{EventTime} {EventId} {ElapsedTime}", "fields": { "EventTime": "2016-07-12T09:03:21.5754873-04:00", "EventId": "575", "ElapsedTime": 575 } }I figured it out. I changed the construction to use the ElasticsearchJsonFormatter. Since the logger seemed to be able to parse the field name from the message, I switched to an object and passed in the properties instead:
var log = new LoggerConfiguration() .MinimumLevel.Information() .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200/test_srpostimes")) { IndexDecider = (@event,offset) => "test_elapsedtimes", CustomFormatter = new ElasticsearchJsonFormatter() }) .WriteTo.Console() .CreateLogger(); var elapsedTimeMessage = new ElapsedTimeMessage(DateTime.Now.Millisecond); log.Information("{EventTime} {EventId} {ElapsedTime}", elapsedTimeMessage.EventTime, elapsedTimeMessage.EventId, elapsedTimeMessage.ElapsedTime);That produced a much more readable output in ES:
"_source": { "@timestamp": "2016-07-12T09:03:21.5804873-04:00", "level": "Information", "messageTemplate": "{EventTime} {EventId} {ElapsedTime}", "fields": { "EventTime": "2016-07-12T09:03:21.5754873-04:00", "EventId": "575", "ElapsedTime": 575 } }更多推荐
发布评论