Introducing the Elastic Common Schema
Whether you’re conducting security analytics, operations analytics, or a different use case altogether, you likely perform centralized analysis of data from diverse sources. Wouldn’t it be useful if you could apply a common data model to all that data to simplify the cross-source analysis and correlation? Say hello to the Elastic Common Schema!
The Elastic Common Schema (ECS) defines a common set of fields and naming guidelines for ingesting data into Elasticsearch, helping you correlate data from diverse vendors and technologies (e.g., Apache web logs, Cisco NetFlow, Tanium endpoint events). Whether you’re searching your data, exploring it with Kibana, configuring a machine learning job, or configuring an alert, ECS will enhance your productivity and power.
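As an added illustration (not code from the page or from Elastic's own integrations), the script below normalizes two very different constructed records, an Apache combined-format access-log line and a simplified CSV flow record standing in for a NetFlow export, into documents that use ECS field names such as `@timestamp`, `source.ip`, `destination.port`, `http.request.method` and `event.category`. Once both sources share the same names, a single correlation over `source.ip` finds hosts that appear in both datasets, which is the cross-source join the paragraph above describes. The CSV flow layout and the `ecs.version` value are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample inputs for the example (not taken from the page).
# One Apache "combined" access-log line, and one simplified CSV flow record
# (timestamp,src_ip,src_port,dst_ip,dst_port,proto,bytes) standing in for
# a NetFlow export. The CSV layout is an assumption for this example.
APACHE_LINE = (
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" '
    '200 4523 "-" "Mozilla/5.0"'
)
FLOW_LINE = "2023-10-10T13:55:37Z,203.0.113.7,51234,198.51.100.20,443,tcp,1840"

ECS_VERSION = "8.11.0"  # assumed ECS release to record in ecs.version

APACHE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"'
)


def apache_to_ecs(line: str) -> dict:
    """Map one Apache combined-format line onto ECS field names.

    Keys are written as flat dotted names; Elasticsearch expands them into
    the same object structure as nested JSON."""
    m = APACHE_RE.match(line)
    if not m:
        raise ValueError("unrecognized Apache combined log line")
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "@timestamp": ts.astimezone(timezone.utc).isoformat().replace("+00:00", "Z"),
        "ecs.version": ECS_VERSION,
        "event.kind": "event",
        "event.category": ["web"],
        "event.dataset": "apache.access",
        "source.ip": m["client"],
        "http.request.method": m["method"],
        "http.response.status_code": int(m["status"]),
        "http.response.body.bytes": 0 if m["bytes"] == "-" else int(m["bytes"]),
        "url.original": m["path"],
        "user_agent.original": m["ua"],
    }


def flow_to_ecs(line: str) -> dict:
    """Map one constructed CSV flow record onto ECS network fields."""
    ts, sip, sport, dip, dport, proto, nbytes = line.split(",")
    return {
        "@timestamp": ts,
        "ecs.version": ECS_VERSION,
        "event.kind": "event",
        "event.category": ["network"],
        "event.dataset": "netflow.log",
        "source.ip": sip,
        "source.port": int(sport),
        "destination.ip": dip,
        "destination.port": int(dport),
        "network.transport": proto.lower(),
        "network.bytes": int(nbytes),
    }


def correlate_by_source_ip(docs: list) -> dict:
    """Return source IPs seen in more than one event.dataset.

    Because both converters emit the same ECS name for the originating
    address, a single field is enough to join web and flow data."""
    seen: dict = {}
    for d in docs:
        ip = d.get("source.ip")
        if ip is None:
            continue
        seen.setdefault(ip, set()).add(d["event.dataset"])
    return {ip: sorted(ds) for ip, ds in seen.items() if len(ds) > 1}


if __name__ == "__main__":
    docs = [apache_to_ecs(APACHE_LINE), flow_to_ecs(FLOW_LINE)]
    for d in docs:
        print(d)
    print(correlate_by_source_ip(docs))
```

The same pattern extends to any further source: write one converter per format that emits ECS names, and every search, visualization or alert written against `source.ip` or `event.category` then applies to all of them without per-source field aliases.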
This webinar will include:
- An overview of ECS and its benefits
- A demo for implementing ECS
- Best practices for using ECS for your data
View the ECS GitHub repository to find a list of standard fields, a contribution guide, and more.
Mike joined Elastic in 2016 from Prelert, where he'd been VP of Products for Prelert's machine learning technology. Mike's focus at Elastic is to help users and customers succeed with security-related applications of the Elastic Stack. Starting his career as an ASIC designer, Mike has led the development of SIEM, network IPS, DDoS Defense, and network monitoring solutions. Mike is a co-author of a patent on DDoS protection.
Developer in the Logstash Integrations team. I've been programming for about 25 years, but people tell me I look young, so I don't mind too much. Proud father of a pirate and a princess. Dad jokes and puns aficionado.
Nicolas Ruflin is a software engineer on the Observability team. He is passionate about automating everything through software and embraces the constancy of change in the field. When not pondering engineering problems, he enjoys doing all kinds of sports, particularly handball.