Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
03 Example Configurations
Basic logging with no buffer
<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch"> <connectionString value="Server=localhost;Index=log;"/> <bufferSize value="0" /> </appender>
This is the most basic appender you can setup. The
<connectionString> contains only the bare essentials of configurations. It will log all messages to your local computer. All messages will be logged to the same index called "log". No buffer is used at all so each event will be logged to Elasticsearch as it happens, one at a time. This is a good configuration for local debugging. It's quick and easy to setup and will log all messages regardless of the threshold level (unless you modify the threshold in the appender configuration elsewhere).
Https with a username and password
<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch"> <connectionString value="Scheme=https;User=username;Pwd=password;Server=es-log-01;Index=log;Port=9200"/> <bufferSize value="0" /> </appender>
If you're using a 3rd party hosted Elasticsearch solution, or are securing your Elasticsearch cluster with a plugin like Shield, you may need to specify using
https in the
scheme and adding a
password to the
connectionString. In this case we're logging to a server called "es-log-01".
Rolling indexes with a buffer
<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4net.ElasticSearch"> <connectionString value="Server=es-log-01;Index=log;Port=9200;rolling=true"/> <lossy value="false" /> <evaluator type="log4net.Core.LevelEvaluator"> <threshold value="ERROR" /> </evaluator> <bufferSize value="100" /> </appender>
Here we're again logging messages to the "es-log-01" server, we've specified the
port which is the default 9200, and we've added a
100. This will cause log4net.ElasticSearch to use the _bulk API in order to log messages more efficiently to Elasticsearch and cut down on unneeded network traffic.
thresholdin this example is set to
ERROR. This is important when using a buffered appender. This setting will cause messages to accumulate in the buffer as long as they are below ERROR in level, ie DEBUG, INFO, and WARN. As long as events arrive at those 3 levels, the buffer will continue to accumulate messages until 100 are in and then the buffer will flush and write the messages to Elasticsearch. IF the
thresholdvalue were set to
ALL, for example, every single message that arrived would cause the buffer to flush and you'd be writing 1 message at at time over the _bulk API which defeats the purpose of using it or having a buffer at all.