Using ECS

edit

ECS fields follow a series of guidelines, to ensure a consistent and predictable feel, across various use cases.

If you’re new to ECS and would like an introduction on implementing and using the schema, check out the Getting Started guide.

Whether you’re trying to recall a field name, implementing a solution that follows ECS, or proposing a change to the schema, the Guidelines and Best Practices and Conventions will help get you there.

If you’re wondering how to best capture event details that don’t map to existing ECS fields, head over to Custom Fields.

Mapping network events provides a detailed walk-through of how to best map and categorize an example network event to the schema.