I’m trying to setup Serilog in order to send logs from ASP.NET Core WebAPI to the local instance of Amazon OpenSearch. I See logs on the console, but nothing is displayed in OpenSearch.
Installed 3rd party libraries:
- Serilog.AspNetCore (6.0.0-dev-00265)
- Serilog.Enrichers.Environment (2.2.1-dev-00787)
- Serilog.Sinks.Elasticsearch (9.0.0-beta7)
OpenSearch run via Development Docker Compose (without security plugin):
Program.cs
var logger = new LoggerConfiguration()
.WriteTo.Console()
.WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200"))
{
AutoRegisterTemplate = true,
MinimumLogEventLevel = LogEventLevel.Information,
FailureCallback = FailureCallback,
EmitEventFailure = EmitEventFailureHandling.RaiseCallback | EmitEventFailureHandling.ThrowException
})
.CreateLogger();
builder.Logging.ClearProviders();
builder.Logging.AddSerilog(logger);
Controller class:
_logger.LogWarning("Example warning");
_logger.LogError("Example error");
FailureCallback
is empty. OpenSearch console doesn’t show any issue.
What might be wrong?
2
Answers
I’ve tried your setup and here are some results (note using only stable versions of software):
Docker-compose used:
Program.cs
There are few things that should help with troubleshooting
Serilog.Debugging.SelfLog.Enable(msg => Console.WriteLine(msg));
– will show real error from Serilog (most likely you will see SSL)ServicePointManager.ServerCertificateValidationCallback = (source, certificate, chain, sslPolicyErrors) => true;
– stop any SSL issues for now (you can fix them later)The next thing I catch is issue with [_type] field that is generated by Serilog and is not accepted by Elastic > v8.2, this most likely will happen because your buffer keep old records.
While latest beta version of Serilog adopted to use TypeName="_doc", AWS opensearch 2.0.1 have another bug with "compatibility.override_main_response_version=true" setting (see details here)
https://github.com/opensearch-project/OpenSearch/pull/3530 – basically I would suggest to rollback AWS OpenSearch to v2.
Afterwards it hopefully should work 🙂
The issue for me was that I hadn’t provided the value for the IndexFormat Property (in the
ElasticSearchSinkOptions
object). I had instead put this in the endpoint, as you should do if you insert data through REST. All in all, the below code solved the issue for me:Of course, you also need to setup OpenSearch correctly such that it can autoapply policies to your index, etc.