Get Startededit

Step 1: Configure application loggingedit

The following logging frameworks are supported:

  • Serilog
  • NLog

Add the dependencyedit

The following target frameworks are supported

Name Target Framework Moniker (TFM)

.NET Framework 4.6.1

net461

.NET Standard 2.0

netstandard2.0

.NET Standard 2.1

netstandard2.1

The minimum required Serilog version is 2.9.0.

Add a dependency to your application project file:

<Project Sdk="Microsoft.NET.Sdk">
    <!-- other details excluded for brevity... -->
    <ItemGroup>
        <PackageReference Include="Elastic.CommonSchema.Serilog" Version="${ecs-logging-dotnet.version}" />
    </ItemGroup>
</Project>

or install with the .NET CLI

dotnet add package Elastic.CommonSchema.Serilog --version ${ecs-logging-dotnet.version}

or nuget CLI

Install-Package Elastic.CommonSchema.Serilog -Version ${ecs-logging-dotnet.version}

Use the ECS integrationedit

Serilog Text Formatter

EcsTextFormatter is an ITextFormatter implementation in Elastic.CommonSchema.Serilog that formats Serilog events into a JSON representation that adheres to the Elastic Common Schema specification.

It can be configured in conjunction with a Serilog Sink. To configure with the file sink for example, first install Serilog.Sinks.File nuget package

Install-Package Serilog.Sinks.File

Then configure the file sink to use EcsTextFormatter:

var logger = new LoggerConfiguration()
    .WriteTo.File(new EcsTextFormatter(), "/path/to/log.txt")
    .CreateLogger();

Now, when logging events

logger.Information("Checkout contains {ItemCount} items", 12); 

log a message with the information level

Each Serilog log event will be formatted as single line JSON in the file /path/to/log.txt.

Step 2: Enable APM log correlation (optional)edit

If you are using the Elastic APM .NET agent, log correlation can be configured to inject trace id fields into log events.

Step 3: Configure Filebeatedit

  1. Follow the Filebeat quick start
  2. Add the following configuration to your filebeat.yaml file.

filebeat.yaml.

filebeat.inputs:
- type: log
  paths: /path/to/logs.json
  json.keys_under_root: true
  json.overwrite_keys: true
  json.add_error_key: true
  json.expand_keys: true

For more information, see the Filebeat reference.