The Elastic Common Schema (ECS) defines a common set of fields for ingesting data into Elasticsearch. A common schema helps you correlate data from sources like logs and metrics or IT operations analytics and security analytics.
This repository contains some modifications compared with the original repo. These include sections in the generator scripts that generate OpenSearch-compatible index templates. Because the APIs and available field types in OpenSearch differ from those in Elasticsearch, I adapted the build process to handle the differences and perform some conversions. This makes it easy to pull in future schema updates from the original repo.
Changes in field types:
| ECS / Elasticsearch | OpenSearch |
|---|---|
| constant_keyword | keyword |
| wildcard | keyword |
| flattened | object |
| version | keyword |
These changes will lead to some differences in performance and search options.
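The conversions in the table above can be applied to a mapping as in the following added example, which is not this repository's generator code. The sample mapping is constructed, and the set of parameters dropped on conversion (`SOURCE_ONLY_PARAMS`) is an assumption about what the target types accept.

```python
# Added example: apply the table's type conversions to an index mapping.
TYPE_MAP = {
    "constant_keyword": "keyword",
    "wildcard": "keyword",
    "flattened": "object",
    "version": "keyword",
}
# Assumption: parameters of the source type that the target type does not
# accept are dropped during conversion.
SOURCE_ONLY_PARAMS = {
    "constant_keyword": {"value"},
    "flattened": {"depth_limit", "ignore_above"},
}

def convert_mapping(properties, prefix=""):
    """Return (converted properties, [(path, old, new)]); input is not mutated."""
    converted, changes = {}, []
    for name, field in properties.items():
        path = prefix + name
        new_field = dict(field)
        old_type = field.get("type")
        if old_type in TYPE_MAP:
            new_field["type"] = TYPE_MAP[old_type]
            for param in SOURCE_ONLY_PARAMS.get(old_type, ()):
                new_field.pop(param, None)
            changes.append((path, old_type, TYPE_MAP[old_type]))
        # Recurse into object sub-fields ("properties") and multi-fields ("fields").
        for key in ("properties", "fields"):
            if key in field:
                new_field[key], nested = convert_mapping(field[key], path + ".")
                changes.extend(nested)
        converted[name] = new_field
    return converted, changes

# Constructed sample mapping (illustrative field names and values).
SAMPLE_PROPERTIES = {
    "data_stream": {"properties": {
        "dataset": {"type": "constant_keyword", "value": "app.audit"}}},
    "process": {"properties": {
        "command_line": {"type": "wildcard", "ignore_above": 1024,
                         "fields": {"text": {"type": "text"}}}}},
    "labels": {"type": "flattened", "depth_limit": 5},
    "agent": {"properties": {"version": {"type": "version"}}},
    "message": {"type": "text"},
}

if __name__ == "__main__":
    _, changed = convert_mapping(SAMPLE_PROPERTIES)
    for path, old, new in changed:
        print(f"{path}: {old} -> {new}")
```

The returned change list names every field whose type was converted, which is the set of fields to re-check in saved searches and detection rules after moving to the OpenSearch templates.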
The ECS reference is published on the main Elastic documentation website. Visit the official ECS Reference Documentation.
Please review the tooling usage guide to get started using the tools provided in this repo.
If you're looking to contribute to ECS, you're invited to look at our contribution guide. Substantial changes to ECS are completed through our RFC process.
Various kinds of files or programs can be generated based on ECS. You can learn more in generated/README.md.
The main branch of this repository should never be considered an official release of ECS. You can browse official releases of ECS here.
The ECS team publishes improvements to the schema by following Semantic Versioning. Generally major ECS releases are planned to be aligned with major Elastic Stack releases.
This software is licensed under the Apache License, version 2 ("ALv2"), quoted below.
Copyright 2018-2021 Elasticsearch https://www.elastic.co
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.