-
Notifications
You must be signed in to change notification settings - Fork 196
Configure the sink
You need to pass in a configuration instance when registering the sink. In the constructor you need to pass in at least a uri where the Elasticsearch server is running. This is in the form of http://localhost:9200
for example.
You can also pass in multiple addresses and the internal Elasticsearch.net library will use all the addresses and connect to the first one responding. When this instance fails to respond it will automatically switch to the other ones listed. Use this to provide higher availability for your Elasticsearch endpoints.
var sink = new ElasticsearchSink(new ElasticsearchSinkOptions(new[] { new Uri("http://server1:9200"), new Uri("http://server2:9200") }));
Note: some of the options can be set using the appSettings reader.
<appSettings>
<add key="serilog:using" value="Serilog.Sinks.Elasticsearch"/>
<add key="serilog:write-to:Elasticsearch.nodeUris" value="http://localhost:9200;http://remotehost:9200"/>
<add key="serilog:write-to:Elasticsearch.indexFormat" value="custom-index-{0:yyyy.MM}"/>
<add key="serilog:write-to:Elasticsearch.templateName" value="myCustomTemplate"/>
</appSettings>
With the appSettings configuration the nodeUris property is required. Multiple nodes can be specified using , or ; to separate them. All other properties are optional.
You can set the following options in the ElasticsearchSinkOptions
instance that you pass to the sink.
Property | Default value | Description |
---|---|---|
AutoRegisterTemplate | False | When set to true the sink will register an index template for the logs in Elasticsearch. This template is optimized to deal with serilog events. |
TemplateName | serilog-events-template | When using the AutoRegisterTemplate feature this allows you to override the default template name. |
ModifyConnectionSettings | Pass in a custom function for the connection configuration to use for connecting to the cluster. | |
IndexFormat | logstash-{0:yyyy.MM.dd} | The index name formatter. A string.Format using the DateTimeOffset of the event is run over this string. |
TypeName | logevent | The default elasticsearch type name to use for the log events. |
BatchPostingLimit | 50 | The maximum number of events to post in a single batch. |
Period | 2 seconds | The time (a timespan) to wait between checking for event batches. |
FormatProvider | null | Supplies culture-specific formatting information. |
Connection | Allows you to override the connection used to communicate with elasticsearch. | |
ConnectionTimeout | 5 seconds | The connection timeout (a timespan) when sending bulk operations to elasticsearch. |
InlineFields | False | When true fields will be written at the root of the json document. |
MinimumLogEventLevel | restrictedToMinimumLevel | The minimum log event level required in order to write an event to the sink. |
Serializer | When passing a serializer an unknown object will be serialized to object instead of relying on their ToString representation. | |
ConnectionPool | The connectionpool describing the cluster to write event to. | |
IndexDecider | (@event, offset) => string.Format(options.IndexFormat, offset) | Function to decide which index to write the LogEvent to. |
BufferBaseFilename | Optional path to directory that can be used as a log shipping buffer for increasing the reliability of the log forwarding. | |
BufferFileSizeLimitBytes | No limit | The maximum size, in bytes, to which the buffer log file for a specific date will be allowed to grow. By default no limit will be applied. |
BufferLogShippingInterval | 5000 | The interval (in milliseconds) between checking the buffer files. |
CustomFormatter | Customizes the formatter used when converting log events into ElasticSearch documents. Please note that the formatter output must be valid JSON. | |
CustomDurableFormatter | Customizes the formatter used when converting log events into the durable sink. Please note that the formatter output must be valid JSON. | |
FormatStackTraceAsArray | False | When set to true the Exception StackTraceString property, which is a single string with all the Stack Trace lines, is replaced by a property called StackTrace, which is an array with all the Stack Trace lines split by Environment.NewLine |