Elastic Common Schema (ECS) Reference
Base Fields
The base field set contains all fields which are on the top level. These fields are common across all types of events.
Base Field Details
Field | Description | Level |
---|---|---|
@timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. type: date example: | core |
labels | Custom key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: type: object example: | core |
message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. type: text example: | core |
tags | List of keywords used to tag each event. type: keyword example: | core |
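
The rules in the table above, applied to one parsed log record, as an added example that is not part of the ECS reference or Elastic's code. The input key names (`time`, `message`, `labels`, `tags`), treating a timestamp without a zone as UTC, and rejecting nested label values rather than flattening them are assumptions of this sketch.

```python
from datetime import datetime, timezone

RESERVED = ("time", "message", "labels", "tags")  # hypothetical input keys

def to_ecs_base(raw, received_at):
    """Build the ECS base fields from one parsed log record (a dict).

    Returns (event, rejected_label_keys).
    """
    # @timestamp: time extracted from the event, else first receipt time.
    ts = None
    if isinstance(raw.get("time"), str):
        try:
            ts = datetime.fromisoformat(raw["time"].replace("Z", "+00:00"))
        except ValueError:
            ts = None  # unparseable source time: fall back to receipt time
    ts = ts or received_at
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive means UTC

    # labels: flat key/value pairs only, every value stored as a string.
    labels, rejected = {}, []
    for key, value in (raw.get("labels") or {}).items():
        if isinstance(value, (dict, list)):
            rejected.append(key)  # nested object: keep it out of labels
        elif value is not None:
            labels[str(key)] = str(value)

    # message: original text, else a summary concatenated from other fields.
    message = raw.get("message")
    if not message:
        rest = {k: v for k, v in raw.items() if k not in RESERVED}
        message = " ".join(f"{k}={rest[k]}" for k in sorted(rest))

    # tags: a list of keywords; accept a bare string, drop duplicates.
    tags = raw.get("tags") or []
    if isinstance(tags, str):
        tags = [tags]
    tags = list(dict.fromkeys(str(t) for t in tags))

    event = {"@timestamp": ts.astimezone(timezone.utc).isoformat(),
             "labels": labels, "message": message, "tags": tags}
    return event, sorted(rejected)

# Constructed sample: no source time, no message, one nested label.
SAMPLE = {"action": "login", "user": "alice", "tags": ["auth", "auth", "prod"],
          "labels": {"env": "production", "port": 8443, "owner": {"team": "sec"}}}
RECEIVED = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
```

Surfacing the rejected label keys, instead of dropping them silently, lets the pipeline alert when a source starts emitting nested labels.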