Hello there,
we want to use the ECS log format for our new applications. We already use datastreams with index templates and predefined mappings and I was wondering if we need to write a new mapping for ECS or if there is an existing mapping for all ECS fields that can be used?
On the other hand: Is it even necessary to provide a mapping for ECS or does elasticsearch detect it "automagically" if there is a field with "ecs.version"?
Glad for any help or advice! Thanks!
We have mappings that can be used to dynamically map data to ECS. You would create an index template from it containing the mappings and then apply that to your data streams.
There has been some discussion of this but it hasn't happened yet. Optionally use ECS conventions for dynamic mappings · Issue #85692 · elastic/elasticsearch · GitHub
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.