How to integrate ELK with log4net and MSSQL


#1
  1. I want to integrate log4net with ELK so that the data from log4net can be displayed in Kibana.
    How can we do this? What should be installed on the clients?
  2. I want to send the MS SQL data to ELK. How can we send the data and display it in Kibana?

Can you suggest what to install on the clients and what configuration should be done?


(Magnus Bäck) #2
  1. Logstash has numerous input plugins that are capable of receiving events over the network via various protocols. For example, I'm sure there are appenders (or whatever they're called in log4net) for sending via TCP or UDP. Alternatively, have log4net write logs to a local file and use Filebeat to ship the contents of that file. More reliable but also more infrastructure to deal with.
  2. You mean you want to index the actual data in the MS SQL database? Have a look at the jdbc input plugin.

(Stephen Wolfe) #3

We recently converted our log4net (and elmah) logging from MSSQL to elastic. This library made the process very simple: https://github.com/urielha/log4stash. It can write to elastic directly or to logstash via the es_bulk input with very minimal changes to your log4net.config. https://github.com/jptoto/log4net.ElasticSearch is a similar library we looked at, but not the one we used.


(James R) #4

Hi Stephen - you mentioned being able to send to logstash using the es_bulk input? Can you give me more info on that? I can't seem to find any reference to it on the net but would prefer to send my log4stash logs to logstash first.

Thanks


(Stephen Wolfe) #5

With the log4stash library we just had to add an elasticsearch appender block to our log4net.config. Something like below, where the LOGSTASH_END_POINT is the host or load balancer for your logstash instances.

<appender name="ElasticSearchAppender" type="log4net.ElasticSearch.ElasticSearchAppender, log4stash">
  <threshold value="ERROR"/>
  <Server>LOGSTASH_END_POINT</Server>
  <Port>8080</Port>
  <Bulksize>100</Bulksize>
  <ElasticFilters>
    <Add>
      <Key>indexname</Key>
      <Value>INDEX_NAME</Value>
    </Add>
    <kv />
  </ElasticFilters>
</appender>
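
The Logstash side of the two suggestions in this thread, as an added example that is not part of any post: one pipeline that receives the appender's bulk requests on port 8080 and polls MS SQL with the jdbc input from post #2. It assumes the "es_bulk" mentioned above refers to Logstash's es_bulk codec on an http input; host names, the driver path, the account, and the table and column names are placeholders.

```conf
# Added example (not from the thread). All UPPER_CASE values, the driver
# path, the account name and the table/column names are placeholders.
input {
  # Listener for the log4stash appender shown in post #5.
  http {
    port  => 8080                 # matches <Port>8080</Port> in the appender
    codec => es_bulk              # decodes Elasticsearch bulk-format bodies
    # The http input maps application/json to the json codec by default,
    # so map that content type to es_bulk as well.
    additional_codecs => { "application/json" => "es_bulk" }
    # This listener is unauthenticated unless the plugin's TLS and
    # basic-auth settings are enabled; limit which hosts can reach the port.
  }

  # Incremental pull of rows from MS SQL Server.
  jdbc {
    jdbc_driver_library    => "/opt/logstash/drivers/mssql-jdbc.jar"
    jdbc_driver_class      => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
    # encrypt=true asks the driver for a TLS connection to the database.
    jdbc_connection_string => "jdbc:sqlserver://MSSQL_HOST:1433;databaseName=DB_NAME;encrypt=true"
    # Use a dedicated account that only has SELECT on the tables it reads.
    jdbc_user     => "logstash_reader"
    # Resolved from the Logstash keystore or the environment, so the
    # password is never written into the pipeline file.
    jdbc_password => "${MSSQL_PASSWORD}"
    schedule      => "* * * * *"  # run the query once a minute
    # :sql_last_value holds the highest Id already shipped, so each run
    # only fetches rows added since the previous one.
    statement => "SELECT Id, Date, Level, Logger, Message FROM dbo.Log WHERE Id > :sql_last_value ORDER BY Id"
    use_column_value     => true
    tracking_column      => "id"  # column names are lowercased by default
    tracking_column_type => "numeric"
  }
}

output {
  elasticsearch {
    hosts => ["https://ES_HOST:9200"]
    index => "app-logs-%{+YYYY.MM.dd}"
  }
}
```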
