IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Using ECS
editUsing ECS
editECS fields follow a series of guidelines, to ensure a consistent and predictable feel, across various use cases.
If you’re new to ECS and would like an introduction on implementing and using the schema, check out the Getting Started guide.
Whether you’re trying to recall a field name, implementing a solution that follows ECS, or proposing a change to the schema, the Guidelines and Best Practices and Conventions will help get you there.
If you’re wondering how to best capture event details that don’t map to existing ECS fields, head over to Custom Fields.
Mapping network events provides a detailed walk-through of how to best map and categorize an example network event to the schema.