Fields reference

This section lists Elastic Common Schema (ECS) fields the Logs and Infrastructure apps use to display data.

ECS is an open source specification that defines a standard set of fields to use when storing event data, such as logs and metrics, in Elasticsearch.

Beat modules (for example, Filebeat modules) are ECS-compliant, so manual field mapping is not required, and all data is populated automatically in the Logs and Infrastructure apps. If you cannot use Beats, map your data to ECS fields (see how to map data to ECS). You can also try using the experimental ECS Mapper tool.