使用NEST從elasticsearch查詢現有的索引

Question

我們有一個與kibana的elasticsearch安裝，我想知道如果我可以使用NEST寫一個查詢來顯示一個.Net程序的日誌文件嗎？

我已經嘗試創建一個簡單的LogMessage POCO類來提取消息，但沒有成功。

[ElasticsearchType(IdProperty = "Id")] 
public class LogMessage 
{ 
    public Guid? Id { get; set; } 

    public Source Source { get; set; } 
} 

public class Source 
{ 
    public String Message { get; set; } 
} 

該搜索代碼非常簡單。

var local = new Uri("http://servername:9200"); 
var settings = new ConnectionSettings(local); 
var elastic = new ElasticClient(settings); 
var request = new SearchRequest 
      { 
       From = 0, 
       Size = 10, 
      }; 

var r = elastic.Search<LogMessage>(request); 

1. 應該我LogMessage類是什麼樣的？

在kibana中的事件如下所示。我們使用serilog將消息記錄到elasticsearch服務器

{ 
    "_index": "oxyb-01-2016.08", 
    "_type": "logevent", 
    "_id": "AVbfrnje902hsaMqv0p2", 
    "_score": 1, 
    "_source": { 
    "@timestamp": "2016-08-31T18:19:26.9228089+10:00", 
    "level": "Debug", 
    "messageTemplate": "Simple message", 
    "message": "Simple message", 
    "fields": { 
     "Session": "AP2016831/08/2016 6:10:19 PM", 
     "TX": "TX123-001 None", 
     "ExecutionTime": 523792, 
     "MethodTime": 109, 
     "TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b", 
     "Workorder": "WoAP70906YY0831031604526", 
    }, 
    "renderings": { 
     "0": [ 
     { 
      "Format": "0.00", 
      "Rendering": "0.00" 
     } 
     ] 
    } 
    }, 
    "fields": { 
    "@timestamp": [ 
     1472631566922 
    ] 
    } 
} 

Answer 1

來源是在響應

"_source": { 
    "@timestamp": "2016-08-31T18:19:26.9228089+10:00", 
    "level": "Debug", 
    "messageTemplate": "Simple message", 
    "message": "Simple message", 
    "fields": { 
     "Session": "AP2016831/08/2016 6:10:19 PM", 
     "TX": "TX123-001 None", 
     "ExecutionTime": 523792, 
     "MethodTime": 109, 
     "TransactionId": "6058862c-3f45-4956-8992-eb34eba0fa9b", 
     "Workorder": "WoAP70906YY0831031604526", 
    }, 
    "renderings": { 
     "0": [ 
     { 
      "Format": "0.00", 
      "Rendering": "0.00" 
     } 
     ] 
    } 
    }, 

的_source物業內的一切讓你LogMessage類型應爲每個的這些屬性。它看起來像fields可以包含任意鍵？如果是這樣的話，你可能想把它映射爲Dictionary<string, object>;如果情況並非如此，則將其映射爲特定的POCO類型。在最簡單的情況下，像這樣的一個映射將工作

[ElasticsearchType(Name = "logevent")] 
public class LogMessage 
{ 
    [JsonProperty("@timestamp")] 
    public DateTimeOffset Timestamp {get; set; } 

    public string Level {get; set; } 

    public string MessageTemplate {get; set; } 

    public string Message {get; set; } 

    public Dictionary<string, object> Fields {get; set; } 

    public Dictionary<string, object[]> Renderings {get; set; } 
} 

我們可以測試這個作品具有下列

void Main() 
{ 
    var client = new ElasticClient(); 

    var json = @"{ 
    ""@timestamp"": ""2016-08-31T18:19:26.9228089+10:00"", 
    ""level"": ""Debug"", 
    ""messageTemplate"": ""Simple message"", 
    ""message"": ""Simple message"", 
    ""fields"": { 
     ""Session"": ""AP2016831/08/2016 6:10:19 PM"", 
     ""TX"": ""TX123-001 None"", 
     ""ExecutionTime"": 523792, 
     ""MethodTime"": 109, 
     ""TransactionId"": ""6058862c-3f45-4956-8992-eb34eba0fa9b"", 
     ""Workorder"": ""WoAP70906YY0831031604526"", 
    }, 
    ""renderings"": { 
     ""0"": [ 
      { 
      ""Format"": ""0.00"", 
      ""Rendering"": ""0.00"" 
     } 
     ] 
    } 
    }"; 

    LogMessage log = null; 

    using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json))) 
    log = client.Serializer.Deserialize<LogMessage>(stream); 

    // do something with log 
} 

預期