ECS 1.0.0-beta2

Pre-release
@ruflin released this 11 Dec 19:06
13b6d29

This is the second 1.0.0 pre-release of ECS. From 1.0.0-beta2 to 1.0.0 GA, no further breaking changes and no additions or new fields are planned. All new contributions must go into the master branch.

Breaking changes

  • Changed device.* fields to observer.* fields to eliminate user confusion. #238
  • Rename network.total.bytes to network.bytes and network.total.packets
    to network.packets. #179
  • Remove network.inbound.bytes, network.inbound.packets,
    network.outbound.bytes and network.outbound.packets. #179
  • Changed the event.type definition to be only reserved. #242

Bugfixes

  • Fix obvious mistake in the definition of "source", where it said "destination"
    instead of "source". #211

Added

  • Add host.name field and clarify usage of host.hostname. #187
  • Add event.start and event.end date fields. #185
  • Add process.thread.id field. #200
  • Create new related field set with related.ip. #206
  • Add user.group field. #204
  • Create new group field set with group.id and group.name. #203
  • Add url.full field. #207
  • Add process.executable field. #209
  • Add process.working_directory and process.start. #215
  • Reintroduce http. #237
    • Move http.response.body to http.response.body.content. #239
    • Add http.request.body.content. #239
    • Add HTTP size metric fields. #239
  • Add user.full_name field. #201
  • Add network.community_id field. #208
  • Add fields geo.country_name and geo.region_iso_code. #214
  • Add event.kind and event.outcome. #242
  • Add client and server objects and fields. #236
  • Reintroduce a streamlined user_agent field set. #240, #262
  • Add geo.name for ad hoc location names. #248
  • Add event.timezone to allow for proper interpretation of incomplete timestamps. #258
  • Add fields source.address, destination.address, client.address, and
    server.address. #247
  • Add os.full to capture full OS name, including version. #259

Improvements

  • Improved the definition of the file fields. #196
  • Improved the definition of the agent fields. #192
  • Improve definition of events, logs, and metrics in event section. #194
  • Improved the definition of network fields in intro section. #197
  • Improved the definition of host fields. #195
  • Improved the definitions for event.category and event.action. #242
  • Clarify the semantics of network.direction. #212
  • Add source.bytes, source.packets, destination.bytes and destination.packets. #179
  • Add a readme section to declare some top level field sets are reserved for
    future use. #257
  • Clarify that network.transport, network.type, network.application,
    and network.protocol must be lowercase. #251
  • Clarify that http.request.method must be lowercase. #251
  • Clarify that source/destination should be filled, even if client/server is
    being used. #265