An ElasticSearch REST appender for Log4j2
This is a simple appender that sends your log data JSON formatted directly to ElasticSearch via the REST API. There are options to buffer the logs before sending in bulk. Two options are provided for the buffering of logs.
- Max Bulk Size: when set to a value greater than
0it will buffer messages untilmaxBulkSizeis reached, when it will then send the whole lot using ElasticSearch's_bulkAPI (defaults to200). - Max Delay Time: similarly to the previous option,
maxDelayTimewill accumulate log messages for up tomaxDelayTimein milliseconds (counted from the first message received) and it will send the entirety of the accumulated messages in a single bulk (defaults to2000ms).
Any combination of the two options can be used. Setting any to 0 effectively disables it, if both are set to 0 logs are sent one by one as soon as they are received.
The appender uses the JSONLayout by default, but a custom layout can be provided. The only requirement is that the layout produces an application/json content type.