How to add @timestamp field to Audit.Net event before sending into ElasticSearch

Question

I am using Audit.Net with ElasticSearch DataProvider to store API logs into an Elastic index.

And I need to implement Elastic search ILM on that index, but to do this a "@timestamp" field need to be set in the root of the document that elastic index receives.

So how can I edit the Event data to add this "@timestamp" field before sending data from my application api logs to ElasticSearch?

score 0 · Answer 1 · answered Sep 30 '22 at 05:29

Didn't tested this, but you could try setting a Custom Field on a Custom Action, for example:

Audit.Core.Configuration.AddCustomAction(ActionType.OnScopeCreated, scope =>
{
    scope.SetCustomField("@timestamp", DateTime.UtcNow);
});

That should be serialized as a field on the root object.

How to add @timestamp field to Audit.Net event before sending into ElasticSearch

1 Answers1