I am trying to get ElasticSearch configured correctly with ETW/Out-Of-Process logging. I have successfully installed the latest version of the Out-Of-Process logger and followed the steps outlined on the SLAB site.
My SemanticLogging-svc.xml looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration xmlns="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://schemas.microsoft.com/practices/2013/entlib/semanticlogging/etw SemanticLogging-svc.xsd">
<!-- Optional settings for fine tuning performance and Trace Event Session identification-->
<traceEventService/>
<!-- Sinks reference definitons used by this host to listen ETW events -->
<sinks>
<elasticsearchSink instanceName="slabtest" connectionString="http://localhost:9200" name="out" index="outofprocessslab" type="test">
<sources>
<eventSource name="ServiceBaseEventSource" level="LogAlways"/>
</sources>
</elasticsearchSink>
<!-- The service identity should have security permissions to access the resource according to each event sink -->
<flatFileSink name="svcRuntime" fileName="SemanticLogging-svc.runtime.log" >
<sources>
<!-- The below settings shows a simple configuration sample for the buit-in non-transient fault tracing -->
<!-- Remove this eventSource if you'd like, and add your own configuration according to the documentation -->
<!-- The name attribute is from the EventSource.Name Property -->
<eventSource name="ServiceBaseEventSource" level="LogAlways"/>
</sources>
<!--[Add any built-in or custom formatter here if the sink supports text formatters]-->
<eventTextFormatter header="----------"/>
</flatFileSink>
<!--[Add any built-in or custom sink definition here]-->
</sinks>
</configuration>
However, when I attempt to start the service I get the following error message:
c:\slab-svc2\tools>SemanticLogging-svc.exe -c
Enterprise Library Semantic Logging Service v2.0.1406.1
Microsoft Enterprise Library
Microsoft Corporation
One or more errors occurred when loading the TraceEventService configuration file.
Configuration file: C:\Tools\slab-svc2\tools\SemanticLogging-svc.xml
The element 'sinks' has invalid child element 'elasticsearchSink'. List of possible elements expecte
d: 'flatFileSink, rollingFlatFileSink, windowsAzureTableSink, sqlDatabaseSink, consoleSink, customSi
nk' as well as any element in namespace '##other'.
Line number: 11, Line position: 7
I should also note that I have downloaded the FullScale180.SemanticLogging.Elasticsearch nuget package and placed it in the same directory as the executable. I came across a vague blog post saying that the ElasticSearch components of SLAB were now a community project which pointed me in that direction. But how do I configure this to work with the out of process service?
Thanks.
In case anybody is interested.... it seems SLAB Out-Of-Process Service 2.0 does not support ElasticSearch anymore. I solved this by rolling back to version 1.1.