
ECS 1.0.0

@webmat released this 06 Mar 16:12
· 28 commits to 1.0 since this release
1d8756c

ECS is turning 1.0.0!

We've clarified a few field descriptions and examples, based on your feedback and questions.

Breaking changes

  • Remove the user.group keyword field, introduced in #204. Instead,
    the group field set can be nested at user.group. #308

Bugfixes

  • Field set name "group" was being used as a leaf field at user.group, instead
    of being a nesting of the field set. This goes against a driving principle of ECS,
    and has been corrected. #308
  • Replaced incorrect examples in cloud.provider. #330, #348
  • Changed the url.port type to long. #339

Added

  • Added pointer in description of http field set to url field set. #330
  • Added an optional short field description. #330

Improvements

  • Clarified the definition of the host fields. #325
  • Clarified the difference between @timestamp and event.created. #329
  • Make phrasing of lowercasing directive more relevant, no matter where it's shown. #332
  • Specify the object_type for field labels. #331
  • Loosen up the definition of the geo field set, which is not necessarily geo-ip based, given geo.name. #333
  • Clarified guidelines on ID fields. #349