ASerilog sink that writes logs directly toElasticsearch orElastic Cloud

Add a reference to theElastic.Serilog.Sinks package:

<PackageReference Include="Elastic.Serilog.Sinks" Version="8.6.0" />

There’s a few ways that you can extend aSerilogLoggerConfiguration:

Log.Logger = new LoggerConfiguration().MinimumLevel.Debug().Enrich.FromLogContext()

NOTE: Don’t forget we also publish anElastic.Apm.SerilogEnricher for the Elastic APM Agent!

Writing toElasticsearch

.WriteTo.Elasticsearch(new [] { new Uri("http://localhost:9200" )}, opts =>{opts.DataStream = new DataStreamName("logs", "console-example", "demo");opts.BootstrapMethod = BootstrapMethod.Failure;opts.ConfigureChannel = channelOpts =>{channelOpts.BufferOptions = new BufferOptions{ConcurrentConsumers = 10};};}, transport =>{// transport.Authentication(new BasicAuthentication(username, password));// transport.Authentication(new ApiKey(base64EncodedApiKey));})

1. Basic Auth
2. ApiKey

Writing toElastic Cloud:

.WriteTo.ElasticCloud("cloudId", "cloudUser", "cloudPass", opts =>

opts is an instance ofElasticsearchSinkOptions with the following options

Note that you can also passElasticsearchSinkOptions directly

.WriteTo.Elasticsearch(new ElasticsearchSinkOptions(client.Transport))

This allows you to reuse theTransport used by the Elasticsearch Client for instance.

When Elasticsearch security features are enabled, requests without a valid authentication header will be rejected. You can enable authentication via one of the methods below:

Basic Auth

.WriteTo.Elasticsearch(new [] { new Uri("http://localhost:9200" )}, opts =>{...}, transport =>{transport.Authentication(new BasicAuthentication(username, password));})

1. Basic authentication

API Key

.WriteTo.Elasticsearch(new [] { new Uri("http://localhost:9200" )}, opts =>{...}, transport =>{transport.Authentication(new ApiKey(base64EncodedApiKey));})

1. API Key

To learn more about authentication with the Elastic Stack, seeUser Authentication.

This sink by proxy of its formatter allows you to set ECS fields directly from the message template using properties that adhere to thehttps://messagetemplates.org/ format.

The available ECS message template properties are listed underLogTemplateProperties.* e.gLogTemplateProperties.TraceId

Log.Information("The time is {TraceId}", "my-trace-id");

Will overridetrace.id on the resulting ECS json document.

In case of issues, you can enable theSerilog Self-Log feature to expose any error you might have encountered.

• Serilog.Sinks.Elasticsearch is an amazing community led sink that has a ton of options and works against older Elasticsearch versions< 8.0.
• Serilog.Sinks.Elasticsearch is unofficially supported by Elastic with some of the .NET team helping to maintain it.
• Elastic.Serilog.Sinks isofficially supported by Elastic and was purposely build to adhere to newer best practices around logging, datastreams and ILM.
• Elastic.Serilog.Sinks is purposely build to have fewer configuration options and be more prescriptive thanSerilog.Sinks.Elasticsearch.
• That is not to say there aren’t plenty of configuration hooks inElastic.Serilog.Sinks

• Elastic.Serilog.Sinks only works withElasticsearch 8.x and up.
• This is because the bootrapping (BootstrapMethod) attempts to load templates build for Elasticsearch 8.0 and up.
• Elastic.Serilog.Sinks has only one way it emits data to Elasticsearch confirming to theecs-logging specification
• That doesn’t mean you can not introduce your own additional properties though.
• Elastic.Serilog.Sinks has no durable mode.
• If you need higher guarantees on log delivery useSerilog.Sinks.File with ourECS log formatter for Serilog and usefilebeat to ship these logs.
• Check outElastic Agent and Fleet to simplify collecting logs and metrics on the edge.

If you miss a particular feature fromSerilog.Sinks.Elasticsearch inElastic.Serilog.Sinks please open afeature request! We’d love to grow this sink organically moving forward.