Observability and security solutions can now leverage a consistently defined data schema for automation of data correlation and analysis. Operations now spends more time understanding the issue, finding root cause, and optimizing operations versus spending time on unnecessary data transformations.

What is Elastic Common Schema (ECS)?

Elastic Common Schema (ECS), an open source (Apache 2.0) specification, is developed with support from the Elastic user community to define a common set of fields to be used when storing event data in Elasticsearch. The goal of ECS is to enable and encourage users of Elasticsearch to normalize their event data, so that they can better analyze, visualize, and correlate the data represented in their events. ECS is the foundation of Elastic Observability and Security solutions and is a proven and widely adopted schema that has evolved and grown over the years since its inception in 2019.

What are OpenTelemetry and OpenTelemetry Semantic Conventions?

OpenTelemetry (OTel) is an open source project providing a collection of specifications, tools, APIs, and SDKs that can be used to generate, collect, process, and export telemetry data (metrics, logs, and traces) to understand software performance and behavior. It has become the second highest velocity project in the CNCF ecosystem.

OpenTelemetry’s Semantic Conventions (SemConv) specify common names for different kinds of operations and data. The benefit of using OpenTelemetry’s SemConv is in following a common naming scheme that can be standardized across a codebase, libraries, and platforms for OTel end users. Additionally, another big benefit is the decoupling of vendor-specific semantics. Thus with OpenTelemetry’s SemConv, data users resolve the vendor lock-in of their data. So, they can easily move between observability solutions (and security solutions with the ECS contribution) without the need to adapt their data collection.

How does the ECS contribution help OpenTelemetry?

OpenTelemetry’s greatest need is to accelerate the definition of schema for describing log and security events. Contributors to ECS have already defined a unified and well-accepted set of logging semantic conventions, which can be adopted in OTel. ECS is widely used to structure logs consumed in observability and security use cases.

The combination will accelerate the integration of vendor-created logging and OTel component logs (for example, OTel Collector Logs Receivers and Processors). The goal is to define vendor-agnostic semantic conventions for the most popular types of systems and support vendor-created or open source components (for example, HTTP access logs, network logs, system access/authentication logs) extending OTel correlation to these new signals. Users will also benefit from using turnkey log integrations that will be fully recognized by OTel-compatible observability and security products and services.

The maturity of ECS for Security is a great opportunity to improve the utility of data collected with OpenTelemetry for security use cases. Incorporating ECS will enable OTel producers to structure security events.

Will there be any changes to the licensing for ECS?

There will not be any changes to ECS licensing. ECS is Apache 2.0 licensed, as is OpenTelemetry.

Does Elastic support OpenTelemetry today?

Elastic supports OTel natively. Elastic users can send OTel data directly from applications or through the OTel collector into Elastic APM, which processes both OTel SemConv and ECS. With this native OTel support, all Elastic APM capabilities are available with OTel. See Elastic documentation to learn more about OTel integration.

Enterprise Search

Observability

Security

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.8 released

Upgrade the Elastic Stack

Documentation

We're hiring

Power of Elastic

Improving digital customer experiences

Evolving the DevOps lifecycle

Security without limits

Public Sector

Financial Services

Telecommunications

Healthcare

Technology

Retail and Ecommerce

Media and Entertainment

Manufacturing and Automotive

Leveraging observability

Enterprise Search

Observability

Security

Getting started

Support

Contact us

Jaguar Land Rover

Emirates NBD

Zurich Insurance

Documentation

Blogs

Training

Events

Community

Consulting

Driving quantified success with Elastic Enterprise Search

Get started with Elasticsearch

Observability Engineer training

About

Careers

Press

Partners

Investor Relations

Elastic Excellence Awards

Why now is the time to move critical databases to the cloud

Enterprise Search

Observability

Security

Elastic Cloud

Elastic (ELK) Stack

Elastic 8.8 released

Upgrade the Elastic Stack

Documentation

We're hiring

Power of Elastic

Improving digital customer experiences

Evolving the DevOps lifecycle

Security without limits

Public Sector

Financial Services

Telecommunications

Healthcare

Technology

Retail and Ecommerce

Media and Entertainment

Manufacturing and Automotive

Enterprise Search

Observability

Security

Getting started

Support

Contact us

Jaguar Land Rover

Emirates NBD

Zurich Insurance

Documentation

Blogs

Training