Elastic Common Schema: How to Migrate Your Data

Mathieu Martin

Senior Software Engineer

Elastic

Mike Paquette

Security 产品管理高级总监

Elastic

Whether you’re into security analytics, operations analytics, APM, or a different use case altogether, you know that efficient and effective centralized analysis of data from diverse sources requires a common data model to simplify cross-source analysis and correlation.

The Elastic Common Schema (ECS) is an open source specification, developed with support from the Elastic user community. ECS defines a common set of fields to be used when storing event data in Elasticsearch, such as logs and metrics.

You’ve heard about ECS and decided that it makes sense to adopt it. Great! So what’s next? You’re probably wondering how to get your new events transformed into ECS format. You also may want to know what to do with events that have already been indexed in Elasticsearch, but not in ECS format. In this video, we’ll cover all these topics and more.

Highlights:

• A brief review of ECS concepts and field sets
• Migrating Beats-generated events to ECS
• Migrating events generated by other data sources to ECS

Additional Resources:

• Slides for this webinar
• Watch our Introducing the Elastic Common Schema video
• Read our Introducing the Elastic Common Schema blog
• Read the ECS reference documentation
• Check out the ECS GitHub repository to dig into schema details, ask a question, or even join the community by reading the contribution guide