使用 NEST 从 elasticsearch 查询现有索引
Query existing index from elasticsearch using NEST
我们安装了带有 kibana 的 elasticsearch,我想知道是否可以使用 NEST 编写查询来显示 .Net 程序的日志文件?
我尝试创建一个简单的 LogMessage POCO class 来提取消息,但没有成功。
[ElasticsearchType(IdProperty = "Id")]
public class LogMessage
{
public Guid? Id { get; set; }
public Source Source { get; set; }
}
public class Source
{
public String Message { get; set; }
}
搜索代码非常简单
var local = new Uri("http://servername:9200");
var settings = new ConnectionSettings(local);
var elastic = new ElasticClient(settings);
var request = new SearchRequest
{
From = 0,
Size = 10,
};
var r = elastic.Search<LogMessage>(request);
- 我的 LogMessage class 应该是什么样的?
kibana 中的事件如下所示。我们使用 serilog 将消息记录到 elasticsearch 服务器
{
"_index": "oxyb-01-2016.08",
"_type": "logevent",
"_id": "AVbfrnje902hsaMqv0p2",
"_score": 1,
"_source": {
"@timestamp": "2016-08-31T18:19:26.9228089+10:00",
"level": "Debug",
"messageTemplate": "Simple message",
"message": "Simple message",
"fields": {
"Session": "AP2016831/08/2016 6:10:19 PM",
"TX": "TX123-001 None",
"ExecutionTime": 523792,
"MethodTime": 109,
"TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
"Workorder": "WoAP70906YY0831031604526",
},
"renderings": {
"0": [
{
"Format": "0.00",
"Rendering": "0.00"
}
]
}
},
"fields": {
"@timestamp": [
1472631566922
]
}
}
来源是响应中 _source 属性 中的所有内容
"_source": {
"@timestamp": "2016-08-31T18:19:26.9228089+10:00",
"level": "Debug",
"messageTemplate": "Simple message",
"message": "Simple message",
"fields": {
"Session": "AP2016831/08/2016 6:10:19 PM",
"TX": "TX123-001 None",
"ExecutionTime": 523792,
"MethodTime": 109,
"TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
"Workorder": "WoAP70906YY0831031604526",
},
"renderings": {
"0": [
{
"Format": "0.00",
"Rendering": "0.00"
}
]
}
},
所以您的 LogMessage 类型应该具有每个这些的属性。看起来 fields 可以包含任意键?如果是这种情况,您可能希望将其映射为 Dictionary<string, object>;如果不是这种情况,则也将其映射为特定的 POCO 类型。在最简单的情况下,像这样的映射就可以了
[ElasticsearchType(Name = "logevent")]
public class LogMessage
{
[JsonProperty("@timestamp")]
public DateTimeOffset Timestamp {get; set; }
public string Level {get; set; }
public string MessageTemplate {get; set; }
public string Message {get; set; }
public Dictionary<string, object> Fields {get; set; }
public Dictionary<string, object[]> Renderings {get; set; }
}
我们可以使用以下方法测试它是否按预期工作
void Main()
{
var client = new ElasticClient();
var json = @"{
""@timestamp"": ""2016-08-31T18:19:26.9228089+10:00"",
""level"": ""Debug"",
""messageTemplate"": ""Simple message"",
""message"": ""Simple message"",
""fields"": {
""Session"": ""AP2016831/08/2016 6:10:19 PM"",
""TX"": ""TX123-001 None"",
""ExecutionTime"": 523792,
""MethodTime"": 109,
""TransactionId"": ""6058862c-3f45-4956-8992-eb34eba0fa9b"",
""Workorder"": ""WoAP70906YY0831031604526"",
},
""renderings"": {
""0"": [
{
""Format"": ""0.00"",
""Rendering"": ""0.00""
}
]
}
}";
LogMessage log = null;
using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
log = client.Serializer.Deserialize<LogMessage>(stream);
// do something with log
}
我们安装了带有 kibana 的 elasticsearch,我想知道是否可以使用 NEST 编写查询来显示 .Net 程序的日志文件?
我尝试创建一个简单的 LogMessage POCO class 来提取消息,但没有成功。
[ElasticsearchType(IdProperty = "Id")]
public class LogMessage
{
public Guid? Id { get; set; }
public Source Source { get; set; }
}
public class Source
{
public String Message { get; set; }
}
搜索代码非常简单
var local = new Uri("http://servername:9200");
var settings = new ConnectionSettings(local);
var elastic = new ElasticClient(settings);
var request = new SearchRequest
{
From = 0,
Size = 10,
};
var r = elastic.Search<LogMessage>(request);
- 我的 LogMessage class 应该是什么样的?
kibana 中的事件如下所示。我们使用 serilog 将消息记录到 elasticsearch 服务器
{
"_index": "oxyb-01-2016.08",
"_type": "logevent",
"_id": "AVbfrnje902hsaMqv0p2",
"_score": 1,
"_source": {
"@timestamp": "2016-08-31T18:19:26.9228089+10:00",
"level": "Debug",
"messageTemplate": "Simple message",
"message": "Simple message",
"fields": {
"Session": "AP2016831/08/2016 6:10:19 PM",
"TX": "TX123-001 None",
"ExecutionTime": 523792,
"MethodTime": 109,
"TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
"Workorder": "WoAP70906YY0831031604526",
},
"renderings": {
"0": [
{
"Format": "0.00",
"Rendering": "0.00"
}
]
}
},
"fields": {
"@timestamp": [
1472631566922
]
}
}
来源是响应中 _source 属性 中的所有内容
"_source": {
"@timestamp": "2016-08-31T18:19:26.9228089+10:00",
"level": "Debug",
"messageTemplate": "Simple message",
"message": "Simple message",
"fields": {
"Session": "AP2016831/08/2016 6:10:19 PM",
"TX": "TX123-001 None",
"ExecutionTime": 523792,
"MethodTime": 109,
"TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
"Workorder": "WoAP70906YY0831031604526",
},
"renderings": {
"0": [
{
"Format": "0.00",
"Rendering": "0.00"
}
]
}
},
所以您的 LogMessage 类型应该具有每个这些的属性。看起来 fields 可以包含任意键?如果是这种情况,您可能希望将其映射为 Dictionary<string, object>;如果不是这种情况,则也将其映射为特定的 POCO 类型。在最简单的情况下,像这样的映射就可以了
[ElasticsearchType(Name = "logevent")]
public class LogMessage
{
[JsonProperty("@timestamp")]
public DateTimeOffset Timestamp {get; set; }
public string Level {get; set; }
public string MessageTemplate {get; set; }
public string Message {get; set; }
public Dictionary<string, object> Fields {get; set; }
public Dictionary<string, object[]> Renderings {get; set; }
}
我们可以使用以下方法测试它是否按预期工作
void Main()
{
var client = new ElasticClient();
var json = @"{
""@timestamp"": ""2016-08-31T18:19:26.9228089+10:00"",
""level"": ""Debug"",
""messageTemplate"": ""Simple message"",
""message"": ""Simple message"",
""fields"": {
""Session"": ""AP2016831/08/2016 6:10:19 PM"",
""TX"": ""TX123-001 None"",
""ExecutionTime"": 523792,
""MethodTime"": 109,
""TransactionId"": ""6058862c-3f45-4956-8992-eb34eba0fa9b"",
""Workorder"": ""WoAP70906YY0831031604526"",
},
""renderings"": {
""0"": [
{
""Format"": ""0.00"",
""Rendering"": ""0.00""
}
]
}
}";
LogMessage log = null;
using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
log = client.Serializer.Deserialize<LogMessage>(stream);
// do something with log
}