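Querying an existing index from elasticsearch using NEST

Time: 2016-08-31 14:36:25

Tags: kibana nest serilog elasticsearch-net

We have an elasticsearch installation with kibana, and I would like to know whether I can write queries using NEST to display the log files in a .NET program?

I tried creating a simple LogMessage POCO class to extract the messages, but without success.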

[ElasticsearchType(IdProperty = "Id")]
public class LogMessage
{
    public Guid? Id { get; set; }

    public Source Source { get; set; }
}

public class Source
{
    public String Message { get; set; }
}

The search code is very simple.

var local = new Uri("http://servername:9200");
var settings = new ConnectionSettings(local);
var elastic = new ElasticClient(settings);
var request = new SearchRequest
            {
                From = 0,
                Size = 10,
            };

var r = elastic.Search<LogMessage>(request);

  1. What should my LogMessage class look like?
  2. Events in kibana look like the following. We use serilog to log messages to the elasticsearch server

    {
      "_index": "oxyb-01-2016.08",
      "_type": "logevent",
      "_id": "AVbfrnje902hsaMqv0p2",
      "_score": 1,
      "_source": {
        "@timestamp": "2016-08-31T18:19:26.9228089+10:00",
        "level": "Debug",
        "messageTemplate": "Simple message",
        "message": "Simple message",
        "fields": {
          "Session": "AP2016831/08/2016 6:10:19 PM",
          "TX": "TX123-001 None",
          "ExecutionTime": 523792,
          "MethodTime": 109,
          "TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
          "Workorder": "WoAP70906YY0831031604526",
        },
        "renderings": {
          "0": [
            {
              "Format": "0.00",
              "Rendering": "0.00"
            }
          ]
        }
      },
      "fields": {
        "@timestamp": [
          1472631566922
        ]
      }
    }
    

1 answer:

Answer 0 (score: 2)

The source is everything in the _source property of the response

  "_source": {
    "@timestamp": "2016-08-31T18:19:26.9228089+10:00",
    "level": "Debug",
    "messageTemplate": "Simple message",
    "message": "Simple message",
    "fields": {
      "Session": "AP2016831/08/2016 6:10:19 PM",
      "TX": "TX123-001 None",
      "ExecutionTime": 523792,
      "MethodTime": 109,
      "TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b",
      "Workorder": "WoAP70906YY0831031604526",
    },
    "renderings": {
      "0": [
        {
          "Format": "0.00",
          "Rendering": "0.00"
        }
      ]
    }
  },

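So, your LogMessage type should have properties for each of these. It looks like fields may contain arbitrary keys? If that is the case, you would probably want to map it as a Dictionary<string, object>; if it is not, then map it as a specific POCO type too. In the simplest case, a mapping like this will work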

using System;
using System.Collections.Generic;
using Nest;
using Newtonsoft.Json;

// One property per key under _source of a "logevent" document
[ElasticsearchType(Name = "logevent")]
public class LogMessage
{
    [JsonProperty("@timestamp")]
    public DateTimeOffset Timestamp { get; set; }

    public string Level { get; set; }

    public string MessageTemplate { get; set; }

    public string Message { get; set; }

    public Dictionary<string, object> Fields { get; set; }

    public Dictionary<string, object[]> Renderings { get; set; }
}

We can test that it works as expected with the following

void Main()
{
    var client = new ElasticClient();

    var json = @"{
    ""@timestamp"": ""2016-08-31T18:19:26.9228089+10:00"",
    ""level"": ""Debug"",
    ""messageTemplate"": ""Simple message"",
    ""message"": ""Simple message"",
    ""fields"": {
      ""Session"": ""AP2016831/08/2016 6:10:19 PM"",
      ""TX"": ""TX123-001 None"",
      ""ExecutionTime"": 523792,
      ""MethodTime"": 109,
      ""TransactionId"": ""6058862c-3f45-4956-8992-eb34eba0fa9b"",
      ""Workorder"": ""WoAP70906YY0831031604526"",
    },
    ""renderings"": {
        ""0"": [
          {
          ""Format"": ""0.00"",
          ""Rendering"": ""0.00""
        }
      ]
    }
  }";

  LogMessage log = null;

  using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
    log = client.Serializer.Deserialize<LogMessage>(stream);

  // do something with log
}
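
An end-to-end search against the question's index using the mapping above, as an added example that is not part of the original answer. It assumes NEST 2.x (Newtonsoft.Json attributes) and stands in for the server with `InMemoryConnection` and a constructed response; the `Program` class, the trimmed `LogMessage` and the canned JSON are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Elasticsearch.Net;
using Nest;
using Newtonsoft.Json;

[ElasticsearchType(Name = "logevent")]
public class LogMessage
{
    [JsonProperty("@timestamp")] public DateTimeOffset Timestamp { get; set; }
    public string Level { get; set; }
    public string Message { get; set; }
    public Dictionary<string, object> Fields { get; set; }
}

public static class Program
{
    // Constructed search response: one hit shaped like the Kibana event in the question.
    const string CannedResponse = @"{
      ""took"": 1, ""timed_out"": false,
      ""_shards"": { ""total"": 1, ""successful"": 1, ""failed"": 0 },
      ""hits"": { ""total"": 1, ""max_score"": 1.0, ""hits"": [ {
        ""_index"": ""oxyb-01-2016.08"", ""_type"": ""logevent"", ""_id"": ""AVbfrnje902hsaMqv0p2"", ""_score"": 1.0,
        ""_source"": {
          ""@timestamp"": ""2016-08-31T18:19:26.9228089+10:00"",
          ""level"": ""Debug"", ""message"": ""Simple message"",
          ""fields"": { ""TX"": ""TX123-001 None"", ""MethodTime"": 109 } } } ] } }";

    public static void Main()
    {
        // InMemoryConnection answers every request with the canned bytes, so no server is needed.
        // Against a real cluster, use new ConnectionSettings(new Uri("http://servername:9200")).
        var pool = new SingleNodeConnectionPool(new Uri("http://localhost:9200"));
        var settings = new ConnectionSettings(pool, new InMemoryConnection(Encoding.UTF8.GetBytes(CannedResponse)));
        var client = new ElasticClient(settings);

        var response = client.Search<LogMessage>(s => s
            .Index("oxyb-01-2016.08")   // name the index explicitly; otherwise the configured default index is used
            .From(0).Size(10)
            .Sort(so => so.Descending(f => f.Timestamp))
            .Query(q => q.Match(m => m.Field(f => f.Level).Query("Debug"))));

        if (!response.IsValid) throw new Exception(response.DebugInformation);

        foreach (var hit in response.Hits)   // each hit carries _id alongside the mapped _source
            Console.WriteLine($"{hit.Id} {hit.Source.Timestamp:o} [{hit.Source.Level}] {hit.Source.Message} TX={hit.Source.Fields["TX"]}");
    }
}
```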