The Elastic Common Schema (ECS) defines a common set of fields for ingesting data into Elasticsearch. A common schema helps you correlate data from sources like logs and metrics or IT operations analytics and security analytics.
The ECS reference is published on the main Elastic documentation website. Visit the official ECS Reference Documentation.
Please review the tooling usage guide to get started using the tools provided in this repo.
If you're looking to contribute to ECS, you're invited to look at our contribution guide. Substantial changes to ECS are completed through our RFC process.
Various kinds of files or programs can be generated based on ECS. You can learn more in generated/README.md
The main branch of this repository should never be considered an official release of ECS. You can browse official releases of ECS here.
The ECS team publishes improvements to the schema by following Semantic Versioning. Generally major ECS releases are planned to be aligned with major Elastic Stack releases.
This software is licensed under the Apache License, version 2 ("ALv2"), quoted below.
Copyright 2018-2021 Elasticsearch https://www.elastic.co
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.