Elastic has released version 1.0 of its Elastic Common Schema (ECS) specification. Initially announced in February, ECS is an open-source specification that “provides a consistent and customizable way for users to structure their event data in Elasticsearch.”
ECS will enable data scientists to seamlessly analyze data from various sources. “ECS is designed to support uniform data modeling, enabling you to centrally analyze data from diverse sources with both interactive and automated techniques,” Elastic wrote in a post.
“As our users continue to store new and more diverse data in Elasticsearch, such as logs, metrics, and security events from cloud resources, hosts, services, and network devices, the ability to ask questions that span across these sources becomes even more important,” said Shay Banon, founder and CEO at Elastic. “The Elastic Common Schema provides a shared language for our community of users to understand their data, collaborate to develop resources across the Stack, and more quickly drill down to identify a potential attacker or determine the root cause of an operational issue.”
According to Elastic, ECS supports use cases such as logging, security analytics, and application performance monitoring. Once adopted, ECS users will be able to “more easily visualize, search, drill down, and pivot through their data.” It will also simplify the process of implementing automated analysis methods, such as anomaly detection and alerting.
In addition, ECS will simplify the process of creating new searches and dashboards. Every time a data source with a new format is added, users will be able to keep leveraging their existing searches and dashboards, the company explained.
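To make that concrete, here is an added Python example (not Elastic's code and not from the article) that maps two constructed log lines, an sshd login failure and an nginx request, onto shared ECS field names such as `source.ip` and `event.outcome`, so that one query returns hits from both sources; the year passed to the sshd parser is an assumption, since syslog timestamps omit it.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not from the article): an sshd syslog entry and an nginx access line, same client IP.
SSHD_LINE = ("Apr  3 10:15:02 web01 sshd[2312]: Failed password for invalid user "
             "admin from 203.0.113.7 port 51234 ssh2")
NGINX_LINE = '203.0.113.7 - - [03/Apr/2019:10:15:09 +0000] "GET /wp-login.php HTTP/1.1" 404 153'

SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: Failed password "
                     r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
NGINX_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
                      r'[^"]*" (?P<status>\d{3}) (?P<bytes>\d+)')

def sshd_to_ecs(line, year=2019):
    # Syslog timestamps carry no year, so the caller supplies one (assumed 2019 here).
    m = SSHD_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "event": {"category": "authentication", "action": "ssh_login", "outcome": "failure"},
        "host": {"name": m["host"]},
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"], "port": int(m["port"])},
    }

def nginx_to_ecs(line):
    m = NGINX_RE.match(line)
    if m is None:
        return None
    status = int(m["status"])
    return {
        "@timestamp": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").isoformat(),
        "event": {"category": "web", "action": "http_request",
                  "outcome": "success" if status < 400 else "failure"},
        "source": {"ip": m["ip"]},
        "url": {"path": m["path"]},
        "http": {"request": {"method": m["method"]},
                 "response": {"status_code": status, "bytes": int(m["bytes"])}},
    }

def get_field(doc, dotted):
    # Resolve an ECS dotted name such as "source.ip" against a nested document.
    for part in dotted.split("."):
        doc = doc.get(part) if isinstance(doc, dict) else None
    return doc

def search(docs, field, value):
    # One query spans both sources because they share ECS field names.
    return [d for d in docs if get_field(d, field) == value]
EVENTS = [sshd_to_ecs(SSHD_LINE), nginx_to_ecs(NGINX_LINE)]
```

A saved search on `source.ip` keeps working when a third source is added, as long as its parser emits the same ECS names.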