Skip to content

ECS grok patterns for ingest node grok processor #66528

Closed
#76885
Closed
ECS grok patterns for ingest node grok processor#66528
#76885
Assignees
danhermann
Labels
:Distributed/Ingest NodeExecution or management of Ingest Pipelines>enhancementTeam:Data Management (obsolete)DO NOT USE. This team no longer exists.
@jakelandis

Description

@jakelandis
jakelandis
opened on Dec 17, 2020

Elastic common schema (ECS) in an increasingly common way to represented indexed data.

Logstash has started the process for first class support via the grok filter and a ecs_compatiblity flag. The implementation is still a work in progress and the primary branch is here.

Elasticsearch ingest grok processor should also provide ECS compatible / better support for ECS data formats. For example: This diff illustrates the potential differences.

Metadata

Metadata

Assignees

Labels

:Distributed/Ingest NodeExecution or management of Ingest Pipelines>enhancementTeam:Data Management (obsolete)DO NOT USE. This team no longer exists.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions