Elastic Introduces Elastic Common Schema (ECS) to Enable Uniform Data Modeling

Simplifies Search and Analytics Across Diverse Data Sources
2 April 2019

Contact information

Deborah Wiltshire

Elastic Corporate Communications

Mountain View, Calif. - 2 April 2019 -

Elastic N.V. (NYSE: ESTC), the company behind Elasticsearch and the Elastic Stack, announced the general availability of version 1.0 of the Elastic Common Schema (ECS), an open source specification developed with support from the Elastic user community that provides a consistent and customizable way for users to structure their event data in Elasticsearch. ECS facilitates the unified analysis of data from diverse sources so that content such as dashboards and machine learning jobs can be applied more broadly, searches can be crafted more efficiently, and field names can be recalled by analysts more easily.

"As our users continue to store new and more diverse data in Elasticsearch, such as logs, metrics, and security events from cloud resources, hosts, services, and network devices, the ability to ask questions that span across these sources becomes even more important," said Shay Banon, founder and CEO of Elastic. "The Elastic Common Schema provides a shared language for our community of users to understand their data, collaborate to develop resources across the Stack, and more quickly drill down to identify a potential attacker or determine the root cause of an operational issue."

Implementing ECS simplifies the analysis of disparate data sources, supporting a wide range of use cases, including logging, security analytics, and application performance monitoring. When fully adopted, ECS helps users to more easily visualize, search, drill down, and pivot through their data. ECS also streamlines the implementation of automated analysis methods, including machine learning-based anomaly detection and alerting.

ECS also streamlines the development of analytics content. Instead of writing new searches and dashboards each time an organization adds a data source with a new format, users can keep using searches and dashboards that are already written against ECS field names. For the same reason, organizations can directly adopt analytics content built by other parties that use ECS, whether Elastic, a partner, or an open source project.
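To make the normalization concrete, here is an added example (not code from Elastic or the ECS project): two differently formatted records, a syslog-style sshd authentication line and a JSON firewall event, are mapped into documents that use ECS field names, and a single pivot on `source.ip` then finds both. The field names (`@timestamp`, `event.category`, `event.action`, `event.outcome`, `host.name`, `user.name`, `source.ip`, `source.port`, `destination.ip`, `destination.port`) follow the ECS 1.0 specification as the editor understands it; the two input records, the host names and the addresses are constructed for this example, and the dataset labels and the helper names are the editor's own.

```python
"""Mapping two unrelated log formats onto ECS field names (added example).

Assumptions: field names follow ECS 1.0 as the editor understands it;
both input records below are constructed; the sshd line has no year,
so 2019 is assumed when parsing it.
"""
import json
import re
from datetime import datetime, timezone

# Constructed inputs: a syslog-style sshd line and a JSON firewall event.
SSHD_LINE = ("Apr  2 08:15:03 bastion sshd[2134]: Failed password for "
             "invalid user admin from 203.0.113.9 port 51122 ssh2")
FW_EVENT = ('{"ts":"2019-04-02T08:15:07Z","fw":"edge-fw1","src":"203.0.113.9",'
            '"dst":"10.0.0.5","dport":22,"act":"deny"}')

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)")


def sshd_to_ecs(line, year=2019):
    """Parse an sshd auth line into an ECS-style nested document."""
    m = SSHD_RE.match(line)
    if not m:
        raise ValueError("not an sshd password-auth line")
    # syslog lines carry no year; the caller supplies it (assumed 2019 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    return {
        "@timestamp": ts.isoformat(),
        "event": {"category": "authentication", "action": "ssh_login",
                  "outcome": "success" if m["outcome"] == "Accepted" else "failure",
                  "dataset": "sshd"},          # dataset label is the editor's own
        "host": {"name": m["host"]},
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"], "port": int(m["port"])},
    }


def firewall_to_ecs(raw):
    """Map a vendor-specific JSON firewall event onto the same ECS names."""
    e = json.loads(raw)
    # fromisoformat() rejects a trailing "Z" on older Pythons; spell out UTC.
    ts = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
    return {
        "@timestamp": ts.isoformat(),
        "event": {"category": "network", "action": e["act"], "dataset": "firewall"},
        "host": {"name": e["fw"]},
        "source": {"ip": e["src"]},
        "destination": {"ip": e["dst"], "port": int(e["dport"])},
    }


def normalize(raw):
    """Route a raw record to the right mapper; JSON objects start with '{'."""
    return firewall_to_ecs(raw) if raw.lstrip().startswith("{") else sshd_to_ecs(raw)


def get_field(doc, dotted):
    """Resolve an ECS dotted name such as 'source.ip' against a nested doc."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def pivot_on(docs, dotted, value):
    """One query expressed in ECS names works across every normalized source."""
    return [d for d in docs if get_field(d, dotted) == value]


if __name__ == "__main__":
    docs = [normalize(r) for r in (SSHD_LINE, FW_EVENT)]
    for d in pivot_on(docs, "source.ip", "203.0.113.9"):
        print(get_field(d, "@timestamp"), get_field(d, "event.dataset"),
              get_field(d, "event.category"), get_field(d, "event.action"))
```

The point of the example is the last function: once the sshd failure and the firewall deny share `source.ip`, a single filter (or, in Kibana, a single saved search or dashboard) pivots across both without knowing that one source called the field `src` and the other embedded it in free text.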

Kibana dashboard enabled by ECS that visualizes multiple sources of network data

"Corelight's goal is to provide organizations access to key data, particularly for network traffic monitoring, which is fundamental to enterprise security," said Allen Male, Director of Strategic Alliances and Partners for Corelight. "Upon learning about the new Elastic Common Schema, we appreciated its power and began working to support it. These joint efforts help customers make use of enhanced capabilities that reduce their security risk without additional analyst effort."

"I think ECS is really great for analysts who need to build a cohesive story across many different sources," said Bradford Dabbs, Solutions Engineer at Perched. "It gives users who are just getting started exploring a new data set a baseline for where to start. They may not know much about their data yet, but if they align with ECS as they start extracting fields, it will save them a lot of headaches when it comes time to use the data."

"ECS helps our team know what everything means," said Tomas Chytil, Product Manager at Tieto. "Reducing this complexity should improve both the productivity of our developers and the focus of our end-users."


About Elastic

Elastic is a search company. As the creators of the Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash), Elastic builds self-managed and SaaS offerings that make data usable in real time and at scale for search, logging, security, and analytics use cases.

Elastic and associated marks are trademarks or registered trademarks of Elastic N.V. and its subsidiaries. All other company and product names may be trademarks of their respective owners.