@kvch: thank you so much for responding! for 3, in the libbeat fields.yml example that you linked to, you'll see this at the top level of the fields.yml file:
- key: ecs
description: ECS Fields.
description for? What impact do these values have on either (1) my filebeat configuration or (2) the setup of the elasticsearch index?
Finally, is there some way to specify that a dynamic mapping, like all fields not specified in the yaml be treated as unanalyzed?
For (1), yes, we figured, we just hate that we have to touch each logging index pattern for each application separately. Maybe there is a kibana API that lets us create the index patterns?