Daily Elastic Observability B(y|i)te: What is the Elastic Common Schema?
David Pilato (@dadoonet)

ECS: Elastic Common Schema
ECS is an open source specification:
https://www.elastic.co/guide/en/ecs/current/index.html
https://github.com/elastic/ecs

Why ECS?

source.ip: Source fields capture details about the sender of a network exchange/packet. These fields are populated from a network event, packet, or other event containing details of a network transaction. https://www.elastic.co/guide/en/ecs/current/ecs-source.html

host.ip: A host is defined as a general computing instance. ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. https://www.elastic.co/guide/en/ecs/current/ecs-host.html
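The two slides above make the distinction that matters most when normalizing logs: source.* describes the peer that sent the traffic, host.* describes the machine on which the event was observed. The following example, added here and not part of the deck or of Elastic's own code, maps a constructed web access log line into ECS field names (taken from the ECS reference; host.ip is an array, source.ip a single address) and then expands the dotted keys into the nested JSON shape Elasticsearch expects. The log line, the collector host address and the ecs.version value are constructed sample values.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample: one access log line as a log shipper running on the
# web server itself would read it. Not taken from the original slides.
SAMPLE_LINE = '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512'
# Constructed: the address of the host that produced the event (host.ip),
# deliberately different from the client address (source.ip).
COLLECTOR_HOST_IP = "192.168.1.10"
ECS_VERSION = "8.0.0"  # assumed value for ecs.version; set to the version you map against

_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def to_ecs(line: str, host_ip: str) -> dict:
    """Parse one access log line into a flat dict keyed by ECS field names."""
    m = _LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised access log line: {line!r}")
    # Normalise the timestamp to UTC; ECS @timestamp is the time the event occurred.
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    status = int(m["status"])
    # ipaddress.ip_address() rejects anything that is not a valid IPv4/IPv6
    # literal, so a malformed client field fails here instead of being indexed.
    source_ip = str(ipaddress.ip_address(m["client"]))
    doc = {
        "@timestamp": ts.isoformat().replace("+00:00", "Z"),
        "ecs.version": ECS_VERSION,
        "event.kind": "event",
        "event.category": ["web"],
        "event.outcome": "success" if status < 400 else "failure",
        # Sender of the request: the client, never the server the log came from.
        "source.ip": source_ip,
        # Where the event happened: the web server. host.ip is an array in ECS.
        "host.ip": [str(ipaddress.ip_address(host_ip))],
        "http.request.method": m["method"],
        "http.response.status_code": status,
        "url.path": m["path"],
    }
    if m["bytes"] != "-":
        doc["http.response.body.bytes"] = int(m["bytes"])
    return doc


def nest(flat: dict) -> dict:
    """Expand dotted keys ("source.ip") into nested objects ({"source": {"ip": ...}})."""
    out: dict = {}
    for key, value in flat.items():
        parts = key.split(".")
        node = out
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
    return out


if __name__ == "__main__":
    import json
    print(json.dumps(nest(to_ecs(SAMPLE_LINE, COLLECTOR_HOST_IP)), indent=2))
```

Run it and the output shows source.ip holding the client address and host.ip holding the collector's address as a one-element list; swapping the two is the most common ECS mapping mistake, and a detection rule written against source.ip silently stops matching when it happens.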

Contributing: https://github.com/elastic/ecs/blob/master/schemas/host.yml

In action

Elastic Common Schema: security analytics, metrics, monitoring, infra, logging, APM