Email fields in ECS 1.5

I have some email fields that i'm indexing. My problem is, fields like CC, Subject ...; don't seem to fit in ECS (Elastic Common Schema).

Is ELK team willing to add these fiels in next ECS versions ? or should I use custom fields to achieve my goal.

Thank you in advance for your answer.

I believe you'd like something like this?

1 Like

Hi @sidahmed - welcome to the community!

You are correct that as of ECS 1.5.0 there are no field sets defined specific to email. Please free to add any suggestions or use case details to the ongoing GitHub discussion @dadoonet linked above.

You're welcome to add custom fields to your events to suit your needs. It is also welcome to nest existing ECS fields within your custom fields to give your events the same consistency and feel as the rest of ECS.

1 Like

Thank you for both your answers. I'll take a look at your suggestions.