Logging with Serilog, Elastic Stack, and Kibana

dazevedo

Daniel Azevedo

Posted on November 25, 2024

Logging with Serilog, Elastic Stack, and Kibana

Hi devs
As developers, we’ve all faced those moments when a bug surfaces, and we’re left sifting through vague error messages or outdated log files. This is where Serilog, the Elastic Stack, and Kibana come to the rescue, providing robust, real-time logging and monitoring solutions. In this post, I’ll break down what these tools are, how they complement each other, and why they should be part of your toolkit.


What is Serilog?

Serilog is a structured logging library for .NET that allows developers to log messages in a way that’s easy to query and analyze. Instead of treating logs as simple text files, Serilog logs are structured objects, which makes them more powerful when integrated with log storage and search solutions like Elastic Stack.

Key Features of Serilog:

  • Structured Logs: Log detailed data (e.g., JSON) instead of plain text.
  • Sink Flexibility: Log to multiple destinations such as files, databases, Elasticsearch, or even the console.
  • Easy Integration: Works seamlessly with .NET applications, including ASP.NET Core.

What is the Elastic Stack?

The Elastic Stack (formerly ELK Stack) consists of:

  1. Elasticsearch: A search engine to store and query logs.
  2. Logstash: A data processing pipeline to ingest logs from various sources.
  3. Kibana: A visualization tool to analyze and monitor your logs.

When combined with Serilog, the Elastic Stack becomes a powerful logging and monitoring solution, giving developers insights into application performance and error tracking in real-time.


The Role of Kibana

Kibana is the front-end of the Elastic Stack. It allows you to:

  • Visualize logs through intuitive dashboards.
  • Monitor trends with charts and graphs.
  • Query logs in real-time with flexible search options.
  • Set up alerts for anomalies or critical issues.

By using Kibana, developers and operations teams can quickly identify issues and gain insights to improve their systems.


How They Work Together

  1. Application Logs with Serilog:

    Use Serilog in your .NET application to generate structured logs.

  2. Forward Logs to ElasticSearch:

    Configure Serilog to send logs directly to Elasticsearch (Elastic Stack’s log storage engine).

  3. Visualize and Analyze in Kibana:

    Use Kibana to create dashboards, set up alerts, and drill into the logs for detailed insights.


Hands-On Example

Let’s see how to set up Serilog and integrate it with the Elastic Stack and Kibana.

Step 1: Install Serilog Packages

Install the required NuGet packages:

dotnet add package Serilog.AspNetCore  
dotnet add package Serilog.Sinks.Elasticsearch  
Enter fullscreen mode Exit fullscreen mode

Step 2: Configure Serilog

In your .NET Core application, configure Serilog to send logs to Elasticsearch:

using Serilog;  
using Serilog.Sinks.Elasticsearch;  

public class Program  
{  
    public static void Main(string[] args)  
    {  
        Log.Logger = new LoggerConfiguration()  
            .Enrich.FromLogContext()  
            .WriteTo.Console()  
            .WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri("http://localhost:9200"))  
            {  
                AutoRegisterTemplate = true,  
                IndexFormat = "myapp-logs-{0:yyyy.MM.dd}"  
            })  
            .CreateLogger();  

        try  
        {  
            Log.Information("Starting the application");  
            CreateHostBuilder(args).Build().Run();  
        }  
        catch (Exception ex)  
        {  
            Log.Fatal(ex, "Application start-up failed");  
        }  
        finally  
        {  
            Log.CloseAndFlush();  
        }  
    }  

    public static IHostBuilder CreateHostBuilder(string[] args) =>  
        Host.CreateDefaultBuilder(args)  
            .UseSerilog()  
            .ConfigureWebHostDefaults(webBuilder =>  
            {  
                webBuilder.UseStartup<Startup>();  
            });  
}  
Enter fullscreen mode Exit fullscreen mode

Step 3: Run Elasticsearch and Kibana

Start Elasticsearch and Kibana using Docker:

docker run -d --name elasticsearch -p 9200:9200 -e "discovery.type=single-node" elasticsearch:8.5.0  
docker run -d --name kibana -p 5601:5601 --link elasticsearch kibana:8.5.0  
Enter fullscreen mode Exit fullscreen mode

Step 4: Configure Kibana

  • Access Kibana at http://localhost:5601.
  • Navigate to the Index Management section to create an index pattern for myapp-logs-*.
  • Use the Discover tab to search and filter logs in real time.
  • Create visualizations in the Dashboard tab to monitor trends or key metrics.

Step 5: Explore Logs in Kibana

Once the logs start flowing into Elasticsearch, you can use Kibana to analyze them with filters, timelines, and visualizations. For example:

  • Debugging: Drill down into error logs to pinpoint issues.
  • Performance Metrics: Use dashboards to monitor request rates or response times.
  • Alerting: Set thresholds and receive alerts for critical log events.

Why Use Serilog with Elastic Stack and Kibana?

  1. Better Debugging: Understand what’s happening in your application with detailed, structured logs.
  2. Real-Time Monitoring: Use Kibana to track logs and metrics instantly.
  3. Scalability: Handle logs from multiple microservices seamlessly.
  4. Proactive Alerts: Avoid surprises by setting up alerts for anomalies or failures.

Wrapping Up

Combining Serilog, Elastic Stack, and Kibana is a game-changer for logging and monitoring in modern applications. This stack not only helps you track issues but also equips you with the insights needed to optimize your systems proactively.

Keep coding!

💖 💪 🙅 🚩
dazevedo
Daniel Azevedo

Posted on November 25, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related