ECS Fields

Meta-information specific to ECS.

ECS Field Details

| Field | Description | Level |
| --- | --- | --- |
| ecs.version | ECS version this event conforms to. ecs.version is a required field and must exist in all events. When querying across multiple indices, which may conform to slightly different ECS versions, this field lets integrations adjust to the schema version of the events. type: keyword. example: 1.0.0 | core |
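
Because ecs.version is required and is what lets a consumer adapt to differing schema versions, an ingest or query-side check can reject events that lack it and group the rest by major version. The following is an added example, not code from the ECS project; the function names and the sample events are hypothetical, and it assumes versions look like the MAJOR.MINOR.PATCH example above.

```python
import re

# Assumption: ECS versions follow MAJOR.MINOR.PATCH, as in the page's example "1.0.0";
# a pre-release suffix such as "-dev" is tolerated.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?$")


def get_ecs_version(event):
    """Return the raw ecs.version value from a nested or dotted-key event, or None."""
    if "ecs.version" in event:            # flattened form: {"ecs.version": "1.0.0"}
        return event["ecs.version"]
    ecs = event.get("ecs")
    if isinstance(ecs, dict):             # nested form: {"ecs": {"version": "1.0.0"}}
        return ecs.get("version")
    return None


def parse_version(value):
    """Parse a version into (major, minor, patch); None if it is not a valid version string."""
    if not isinstance(value, str):        # the field is a keyword, so numbers are rejected
        return None
    m = _VERSION_RE.match(value.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(events):
    """Split events into per-major-version buckets and a list of rejects with reasons."""
    by_major, rejects = {}, []
    for i, ev in enumerate(events):
        raw = get_ecs_version(ev)
        if raw is None:
            rejects.append((i, "missing ecs.version"))
            continue
        parsed = parse_version(raw)
        if parsed is None:
            rejects.append((i, f"invalid ecs.version: {raw!r}"))
            continue
        by_major.setdefault(parsed[0], []).append(i)
    return by_major, rejects


# Constructed sample events (not from any real index).
SAMPLE_EVENTS = [
    {"ecs": {"version": "1.0.0"}, "message": "login ok"},
    {"ecs.version": "1.12.2", "message": "login failed"},
    {"ecs": {"version": "8.11.0"}, "message": "process start"},
    {"message": "no schema marker"},
    {"ecs": {"version": 1}, "message": "numeric, not keyword"},
    {"ecs": {"version": "latest"}, "message": "not a version"},
]
```

Calling triage(SAMPLE_EVENTS) returns the event indexes grouped by major version together with the rejected indexes and the reason for each.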