将所有内容记录到事件查看器的不良做法?
我搜索了这个并找不到答案。事件查看器可以保存多少个条目?
我正在尝试记录其余请求的发起,因为我有多个调用单个 api 的应用程序。我想使用 Serilog 在事件查看器中记录所有这些请求。
在生产中,我将能够在 Splunk 中提取这些统计数据。
将数百万个条目记录到事件查看器是一种不好的做法吗?实际上,我们每天可以有多达 200 万个来自不同来源的对该 Net WebAPi 的调用。
我想走数据库路线来记录这些信息,但我的数据库管理员说不行。无法从文件中提取此内容,因此这是不可能的。
Log.Logger = new LoggerConfiguration()
.WriteTo.EventLog("Sample App", manageEventSource: true)
.CreateLogger();
Log.Information("Hello, Windows Event Log!");
Log.CloseAndFlush();
private void CallApi()
{
Log.Information("Request originated from " + System.Environment.MachineName);
//Call Web Api below
}
I searched this and couldn't find an answer. How many entries can the event viewer hold?
I am trying to log the origination of a rest request as I have multiple applications that call a single api. I want to log all of these requests in the event viewer using Serilog.
In production I will be able to pull these stats in Splunk.
Is this bad practice to log millions of entries to the Event Viewer? We literally can have up to 2million calls perday from different sources to this Net WebAPi.
I wanted to go the db route to log this information but my db admin said no way. There is no way to pull this from files so that is out of the equation.
Log.Logger = new LoggerConfiguration()
.WriteTo.EventLog("Sample App", manageEventSource: true)
.CreateLogger();
Log.Information("Hello, Windows Event Log!");
Log.CloseAndFlush();
private void CallApi()
{
Log.Information("Request originated from " + System.Environment.MachineName);
//Call Web Api below
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我不鼓励客户通过 Windows 事件查看器传递 Splunk 日志。这主要是因为上下文经常丢失。更不用说 MS 为每个事件添加的额外开销,Splunk 必须存储或删除这些额外开销(额外的美元或时间)。
事件通常以 wineventlog:application 的形式进入 Splunk,这很好,但如果您有多个应用程序怎么办?您(可能)不希望它们全部以相同的方式处理,因此应该以保留原始信息的方式摄取它们。
将数据发送到 Splunk 的更好方法:
I discourage my customers from passing Splunk logs through the Windows event viewer. That's primarily because context often is lost. That's not to mention the extra overhead MS adds to each event, which Splunk will have to store or remove (extra $ or time).
Events typically come in to Splunk as wineventlog:application, which is fine, but what if you have multiple applications? You (probably) don't want them all processed the same way so they should be ingested in a way that preserves the original information.
Better ways to send data to Splunk: