The Enterprise Library team have released a new Semantic Logging Application Block which now includes an Elasticsearch sink. I have also created a Slab.Elasticsearch NuGet package but do not see the point in supporting this anymore, now that it is part of the SLAB itself. One of the major features which my package was missing, was the support for bulk or buffered inserts. This is included in the new package. This BufferedEventPublisher can also be used for any custom sinks which makes the Semantic.Logging very easy to extend now.
How to use the Elasticsearch sink:
Create a console application and install the following packages:
EnterpriseLibrary.SemanticLogging version=1.1.1403.1
EnterpriseLibrary.SemanticLogging.Elasticsearch version=1.1.1403.1
Required just for Out-of-Process logging.
EnterpriseLibrary.SemanticLogging.Service version=1.1.1403.2
Add an EventSource class to your project:
using System.Diagnostics.Tracing;
namespace SemanticLogging.Elasticsearch.Console
{
[EventSource(Name = "TestEvents")]
public class TestEvents : EventSource
{
public static readonly TestEvents Log = new TestEvents();
[Event(1, Message = "TestEvents Critical: {0}", Level = EventLevel.Critical)]
public void Critical(string message)
{
if (IsEnabled()) WriteEvent(1, message);
}
[Event(2, Message = "TestEvents Error {0}", Level = EventLevel.Error)]
public void Error(string message)
{
if (IsEnabled()) WriteEvent(2, message);
}
[Event(3, Message = "TestEvents Informational {0}", Level = EventLevel.Informational)]
public void Informational(string message)
{
if (IsEnabled()) WriteEvent(3, message);
}
[Event(4, Message = "TestEvents LogAlways {0}", Level = EventLevel.LogAlways)]
public void LogAlways(string message)
{
if (IsEnabled()) WriteEvent(4, message);
}
[Event(5, Message = "TestEvents Verbose {0}", Level = EventLevel.Verbose)]
public void Verbose(string message)
{
if (IsEnabled()) WriteEvent(5, message);
}
[Event(6, Message = "TestEvents Warning {0}", Level = EventLevel.Warning)]
public void Warning(string message)
{
if (IsEnabled()) WriteEvent(6, message);
}
}
}
The following code demonstates how to create in-process logging for your application. The code adds a listener with logs to the Elasticsearch engine found at http://localhost:9200. If your server is running, logs will be written to the myindex-date index in Elasticsearch. The problem with this solution, is that per default the buffer is set to a 1000 records and added with a bulk insert. When the application stops, logs will/can be lost. The buffer size can be reduced to 1 and the delay to one second. This causes more traffic, but less logs will be lost. A flush function would be nice for in-process logging.
var listener = new ObservableEventListener();
listener.EnableEvents(TestEvents.Log, EventLevel.LogAlways, Keywords.All);
listener.LogToConsole();
listener.LogToElasticsearch("SLABEL","http://localhost:9200", "myindex", "mytype", bufferingCount:2);
TestEvents.Log.Critical("Hello world In-Process Critical");
TestEvents.Log.Error("Hello world In-Process Error");
TestEvents.Log.Informational("Hello world In-Process Informational");
Another solution would be to use OUT-OF-PROCESS logging. First remove the in-process logging and just add 3 log events.
TestEvents.Log.Critical("Hello world Out-Of-Process Critical");
TestEvents.Log.Error("Hello world Out-Of-Process Error");
TestEvents.Log.Informational("Hello world Out-Of-Process Informational");
Now install the service which was installed using NuGet. NOTE: it is important that this is installed close to the root directory, otherwise it will not run correctly due to too many characters in the path. When he service is installed, add the following configuration to the SemanticLogging-svc.xml file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw SemanticLogging-svc.xsd">
<traceEventService/>
<sinks>
<elasticsearchSink instanceName="slabtest" connectionString="http://localhost:9200" name="out" index="outofprocessslab" type="test">
<sources>
<eventSource name="TestEvents" level="LogAlways"/>
</sources>
</elasticsearchSink>
</sinks>
</configuration>
When the application is started and stopped, all logs will be written to the Elasticsearch search and analytics engine.
The new Elasticsearch sink is a great feature and now you have the power of high performance logging with high performance searching. What could be better.
Links:
http://www.nuget.org/packages/EnterpriseLibrary.SemanticLogging.Elasticsearch/
https://slab.codeplex.com/wikipage?title=ElasticsearchSink
https://damienbod.wordpress.com/2014/01/24/getting-started-with-elasticsearch-and-net/
https://damienbod.wordpress.com/2014/02/01/semantic-logging-with-elasticsearch/
Software Engineering 
Does the listener.LogToElasticsearch support basic auth (login/password)?