2

I am trying to get ElasticSearch configured correctly with ETW/Out-Of-Process logging. I have successfully installed the latest version of the Out-Of-Process logger and followed the steps outlined on the SLAB site.

My SemanticLogging-svc.xml looks like this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw SemanticLogging-svc.xsd">
  
  <!-- Optional settings for fine tuning performance and Trace Event Session identification-->
  <traceEventService/>

  <!-- Sinks reference definitons used by this host to listen ETW events -->
  <sinks>
        <elasticsearchSink instanceName="slabtest" connectionString="http://localhost:9200" name="out" index="outofprocessslab" type="test">
      <sources>
        <eventSource name="ServiceBaseEventSource" level="LogAlways"/>
      </sources>
    </elasticsearchSink>
  
  
    <!-- The service identity should have security permissions to access the resource according to each event sink -->
    <flatFileSink name="svcRuntime" fileName="SemanticLogging-svc.runtime.log" >
      <sources>
        <!-- The below settings shows a simple configuration sample for the buit-in non-transient fault tracing -->
        <!-- Remove this eventSource if you'd like, and add your own configuration according to the documentation -->
        <!-- The name attribute is from the EventSource.Name Property -->
        <eventSource name="ServiceBaseEventSource" level="LogAlways"/>
      </sources>
      <!--[Add any built-in or custom formatter here if the sink supports text formatters]-->
      <eventTextFormatter header="----------"/>
    </flatFileSink>
    
    <!--[Add any built-in or custom sink definition here]-->
  
  </sinks>

</configuration>

However, when I attempt to start the service I get the following error message:

c:\slab-svc2\tools>SemanticLogging-svc.exe -c
Enterprise Library Semantic Logging Service v2.0.1406.1
Microsoft Enterprise Library
Microsoft Corporation


One or more errors occurred when loading the TraceEventService configuration file.
Configuration file: C:\Tools\slab-svc2\tools\SemanticLogging-svc.xml
The element 'sinks' has invalid child element 'elasticsearchSink'. List of possible elements expecte
d: 'flatFileSink, rollingFlatFileSink, windowsAzureTableSink, sqlDatabaseSink, consoleSink, customSi
nk' as well as any element in namespace '##other'.
Line number: 11, Line position: 7

I should also note that I have downloaded the FullScale180.SemanticLogging.Elasticsearch nuget package and placed it in the same directory as the executable. I came across a vague blog post saying that the ElasticSearch components of SLAB were now a community project which pointed me in that direction. But how do I configure this to work with the out of process service?

Thanks.

Community
  • 1
  • 1
ohlando
  • 301
  • 1
  • 7

2 Answers2

1

In case anybody is interested.... it seems SLAB Out-Of-Process Service 2.0 does not support ElasticSearch anymore. I solved this by rolling back to version 1.1.

ohlando
  • 301
  • 1
  • 7
1

Ohlando, the elasticsearchSink configuration element does not seem to be directly supported anymore (in 2.0). However, you can download the code from git and the elasticsearch dll (Microsoft.Practices.EnterpriseLibrary.SemanticLogging.Elasticsearch.dll) is still in the project. If you add a customSink attribute, you can get it to work. Here is how I got it to work:

<customSink type=" Microsoft.Practices.EnterpriseLibrary.SemanticLogging.Sinks.ElasticsearchSink,Microsoft.Practices.EnterpriseLibrary.SemanticLogging.Elasticsearch" 
 name="ElasticSearchOutput">
  <sources>
    <eventSource name="EventName" level="LogAlways"/>
  </sources>
<parameters>
    <parameter name="instanceName" type="System.String" value="instance" />
    <parameter name="connectionString" type="System.String" value="http://localhost:9200" />
    <parameter name="index" type="System.String" value="indexWithoutTheMinus" />
    <parameter name="type" type="System.String" value="TypeHere" />
    <parameter name="flattenPayload" type="System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]" value="false" />
    <parameter name="bufferInterval" type="System.TimeSpan" value="00:00:01" />
    <parameter name="bufferingCount" type="System.Int32" value="1" />
    <parameter name="maxBufferSize" type="System.Int32" value="500" />
    <parameter name="onCompletedTimeout" type="System.TimeSpan" value="00:00:10" />

This works for me in v2! I couldn't find this in any of the documentation, though. I also wonder if anyone from the SLAB team reads this and can comment on if there is a way to add the shorthand configuration back into the binaries? I have downloaded and poked around the code, but I haven't found where this happens, yet.

Thanks Scott

Scott Meddows
  • 11
  • 3
  • It's the answer I was looking for! Many thanks. BTW the current version of Elasticsearch sink is [here](https://github.com/fullscale180/slab-sinks) – rnort Oct 13 '16 at 18:40
  • Thanks, mort. I just included SLAB in a new project and noticed the ES Nuget package it downloaded then came across this in my SO profile. Man, Nuget is sooooo good :) – Scott Meddows May 18 '18 at 16:53