03 Example Configurations

JP Toto edited this page May 12, 2016 · 4 revisions

Basic logging with no buffer

<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <connectionString value="Server=localhost;Index=log;"/>
    <!-- 0 disables buffering: each event is sent as it happens -->
    <bufferSize value="0" />
</appender>

This is the most basic appender you can set up. The <connectionString> contains only the bare essentials. It logs all messages to your local computer, and all messages go to the same index, called "log". No buffer is used, so each event is logged to Elasticsearch as it happens, one at a time. This is a good configuration for local debugging: it's quick and easy to set up and logs all messages regardless of the threshold level (unless you modify the threshold in the appender configuration elsewhere).

HTTPS with a username and password

<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <!-- Scheme=https plus User and Pwd for a secured cluster -->
    <connectionString value="Scheme=https;User=username;Pwd=password;Server=es-log-01;Index=log;Port=9200"/>
    <bufferSize value="0" />
</appender>

If you're using a third-party hosted Elasticsearch solution, or are securing your Elasticsearch cluster with a plugin like Shield, you may need to specify https in the scheme and add a user and password to the connectionString. In this case we're logging to a server called "es-log-01".

Rolling indexes with a buffer

<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <connectionString value="Server=es-log-01;Index=log;Port=9200;rolling=true"/>
    <lossy value="false" />
    <!-- Events below ERROR accumulate in the buffer -->
    <evaluator type="log4net.Core.LevelEvaluator">
        <threshold value="ERROR" />
    </evaluator>
    <bufferSize value="100" />
</appender>

Here we're again logging messages to the "es-log-01" server. We've specified the port, which is the default 9200, and we've added a bufferSize of 100. This causes log4net.ElasticSearch to use the _bulk API, which logs messages to Elasticsearch more efficiently and cuts down on unneeded network traffic.

NOTE: The evaluator threshold in this example is set to ERROR. This is important when using a buffered appender. This setting causes messages to accumulate in the buffer as long as they are below ERROR in level, i.e. DEBUG, INFO, and WARN. As long as events arrive at those 3 levels, the buffer continues to accumulate messages until 100 are in, and then the buffer flushes and writes the messages to Elasticsearch. If the threshold value were set to ALL, for example, every single message that arrived would cause the buffer to flush and you'd be writing 1 message at a time over the _bulk API, which defeats the purpose of using it or having a buffer at all.
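
The following is an added example, not part of the original wiki page or the log4net.ElasticSearch project: a small Python audit that reads appender definitions like the ones above and reports the two conditions discussed in the HTTPS section and in the buffer note. The sample config, the appender names, the finding strings, and the treatment of a missing Scheme as plain http are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's HTTPS appender plus two deliberately weakened variants.
SAMPLE = """<log4net>
  <appender name="HttpsAuth" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <connectionString value="Scheme=https;User=username;Pwd=password;Server=es-log-01;Index=log;Port=9200"/>
    <bufferSize value="0" />
  </appender>
  <appender name="PlainAuth" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <connectionString value="User=username;Pwd=password;Server=es-log-01;Index=log;Port=9200"/>
    <bufferSize value="0" />
  </appender>
  <appender name="FlushAll" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch">
    <connectionString value="Server=es-log-01;Index=log;Port=9200;rolling=true"/>
    <lossy value="false" />
    <evaluator type="log4net.Core.LevelEvaluator">
      <threshold value="ALL" />
    </evaluator>
    <bufferSize value="100" />
  </appender>
</log4net>"""

def parse_connection_string(value):
    """Split 'Key=Value;Key=Value;' into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(xml_text):
    """Return {appender name: [findings]}; a missing Scheme is assumed to mean plain http."""
    report = {}
    for app in ET.fromstring(xml_text).iter("appender"):
        cs = app.find("connectionString")
        if cs is None or "ElasticSearchAppender" not in app.get("type", ""):
            continue
        conn = parse_connection_string(cs.get("value", ""))
        findings = []
        if "pwd" in conn:
            findings.append("password stored in config file")
            if conn.get("scheme", "http").lower() != "https":
                findings.append("credentials sent without https")
        buf, thr = app.find("bufferSize"), app.find("evaluator/threshold")
        size = int(buf.get("value", "0")) if buf is not None else 0
        if size > 1 and thr is not None and thr.get("value", "").upper() == "ALL":
            findings.append("threshold ALL flushes buffer on every event")
        report[app.get("name")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```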
