理解ECS(Elastic Common Schema)

• Elastic Common Schema

  The Elastic Common Schema (ECS) is an open source specification, developed with support from the Elastic user community.

  ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics. ECS specifies field names and Elasticsearch datatypes for each field, and provides descriptions and example usage.

  The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they can better analyze, visualze, and correlate the data represented in their events.

  ECS enables and encourages users to normalize event data in order to better analyze, visualize, and correlate their events. Collected events can be normalized at ingest time, consistently searched across indices, and visualized predictably.