Elastic Common Schema (ECS) is an increasingly common way to represent indexed data.
Logstash has started the process for first-class support via the grok filter and an ecs_compatibility flag, which makes the bundled grok patterns emit ECS field names instead of the legacy ones. The implementation is still a work in progress and the primary branch is here.
The Elasticsearch ingest grok processor should also provide ECS-compatible / better support for ECS data formats. For example: this diff illustrates the potential differences.
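To make the difference concrete, the following is an added example (not code from Logstash or Elasticsearch) that runs a minimal grok engine over one constructed Apache common-log line with two pattern variants: one using the legacy field names (modelled on Logstash's COMMONAPACHELOG, i.e. ecs_compatibility => disabled) and one using ECS field names (modelled on the ecs-v1 HTTPD_COMMONLOG, i.e. ecs_compatibility => v1). The base patterns (IPORHOST, HTTPDUSER, and so on) are simplified stand-ins and the two composite patterns are assumptions made for this illustration; they are not copied from the Logstash pattern files.

```python
import re

# Simplified base patterns (assumed for this example; Logstash's real
# definitions, e.g. HTTPDUSER = EMAILADDRESS|USER, are more precise).
BASE_PATTERNS = {
    "IPORHOST": r"\S+",
    "HTTPDUSER": r"[A-Za-z0-9._@-]+",
    "HTTPDATE": r"[^\]]+",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+(?:\.\d+)?",
    "INT": r"\d+",
    "DATA": r".*?",
}

# Legacy field names, modelled on COMMONAPACHELOG (ecs_compatibility => disabled).
LEGACY_COMMONLOG = (
    r'%{IPORHOST:clientip} %{HTTPDUSER:ident} %{HTTPDUSER:auth} '
    r'\[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}'
    r'(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
    r'%{NUMBER:response} (?:%{NUMBER:bytes}|-)'
)

# ECS field names, modelled on the ecs-v1 HTTPD_COMMONLOG (ecs_compatibility => v1).
# Nested [a][b] syntax is grok's way of spelling the ECS field a.b; the ":int"
# suffix asks grok to cast the captured string.
ECS_COMMONLOG = (
    r'%{IPORHOST:[source][address]} (?:-|%{HTTPDUSER:[apache][access][user][identity]}) '
    r'(?:-|%{HTTPDUSER:[user][name]}) \[%{HTTPDATE:timestamp}\] '
    r'"(?:%{WORD:[http][request][method]} %{NOTSPACE:[url][original]}'
    r'(?: HTTP/%{NUMBER:[http][version]})?|%{DATA})" '
    r'(?:-|%{INT:[http][response][status_code]:int}) '
    r'(?:-|%{INT:[http][response][body][bytes]:int})'
)

PATTERNS = {"disabled": LEGACY_COMMONLOG, "v1": ECS_COMMONLOG}

# %{NAME}, %{NAME:field} or %{NAME:field:type}
GROK_TOKEN = re.compile(r"%\{(\w+)(?::([^:}]+))?(?::(\w+))?\}")

# Constructed sample line (TEST-NET address, not real traffic).
SAMPLE_LINE = ('203.0.113.9 - frank [10/Oct/2000:13:55:36 -0700] '
               '"GET /apache_pb.gif HTTP/1.0" 200 2326')


def normalize_field(field):
    """Turn grok's nested [source][address] syntax into the dotted ECS name."""
    parts = re.findall(r"\[([^\]]+)\]", field)
    return ".".join(parts) if parts else field


def compile_grok(pattern, definitions=BASE_PATTERNS):
    """Expand %{...} tokens into a Python regex with one named group per field."""
    fields = {}  # regex group name -> (output field name, cast type or None)

    def expand(match):
        name, field, typ = match.group(1), match.group(2), match.group(3)
        sub = definitions[name]
        if field is None:
            return f"(?:{sub})"  # anonymous token, e.g. %{DATA}
        group = f"f{len(fields)}"  # field names may contain dots, so alias them
        fields[group] = (normalize_field(field), typ)
        return f"(?P<{group}>{sub})"

    return re.compile(GROK_TOKEN.sub(expand, pattern)), fields


def grok_match(compiled, fields, line):
    """Return the captured fields as a dict, or None if the line does not match."""
    m = compiled.match(line)
    if not m:
        return None
    out = {}
    for group, (field, typ) in fields.items():
        value = m.group(group)
        if value is None:  # branch of an alternation that did not participate
            continue
        if typ == "int":
            value = int(value)
        elif typ == "float":
            value = float(value)
        out[field] = value
    return out


def parse_commonlog(line, ecs_compatibility="disabled"):
    """Parse one common-log line with the legacy ("disabled") or ECS ("v1") pattern."""
    compiled, fields = compile_grok(PATTERNS[ecs_compatibility])
    return grok_match(compiled, fields, line)


def field_names(ecs_compatibility):
    """Field names a given mode can emit, independent of any input line."""
    _, fields = compile_grok(PATTERNS[ecs_compatibility])
    return sorted(name for name, _ in fields.values())


if __name__ == "__main__":
    for mode in PATTERNS:
        print(f"ecs_compatibility => {mode}")
        for key, value in parse_commonlog(SAMPLE_LINE, mode).items():
            print(f"  {key} = {value!r}")
```

The same line yields `clientip`, `verb`, `response` and `bytes` (all strings) in legacy mode, but `source.address`, `http.request.method`, `http.response.status_code` and `http.response.body.bytes` (the last two cast to integers) in ECS mode; the `-` identity column is dropped rather than stored as a literal dash. That renaming is why switching the flag on an existing pipeline is a breaking change for downstream dashboards, detections and index mappings.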