Whether you’re into security analytics, operations analytics, APM, or a different use case altogether, you know that efficient and effective centralized analysis of data from diverse sources requires a common data model to simplify cross-source analysis and correlation.
The Elastic Common Schema (ECS) is an open source specification, developed with support from the Elastic user community. ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics.
You’ve heard about ECS and decided that it makes sense to adopt it. Great! So what’s next? You’re probably wondering how to get your new events transformed into ECS format. You also may want to know what to do with events that have already been indexed in Elasticsearch, but not in ECS format. In this video, we’ll cover all these topics and more.
- A brief review of ECS concepts and field sets
- Migrating Beats-generated events to ECS
- Migrating events generated by other data sources to ECS
- Slides for this webinar
- Watch our Introducing the Elastic Common Schema video
- Read our Introducing the Elastic Common Schema blog
- Read the ECS reference documentation
- Check out the ECS GitHub repository to dig into schema details, ask a question, or even join the community by reading the contribution guide
Lead Developer of ECS
Director of Product, Security Market