Hello!
Sorry this was overlooked. We need to promote the elastic-common-schema tag more, it seems. Make sure you apply the tag any time you have an ECS-related question.
What problems are you encountering with your grok patterns? The obvious one I could guess is about field nesting: all fields in ECS should be nested, with no dots in key names. Dots are used as a shorthand to represent the nesting. So in your grok you can get nested fields using square brackets, like `%{IPORHOST:[url][domain]}`. Here's a more fleshed-out example
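To make the nesting point concrete, here is an added illustration (not code from the post above, and not Logstash's own grok implementation): a minimal Python expander that supports a handful of constructed base patterns (`IPORHOST`, `NUMBER`, `WORD`, `NOTSPACE`, `GREEDYDATA`) and the two ways of naming a capture. Square-bracket references such as `[url][domain]` are turned into nested objects, while a plain `url.domain` is kept as one literal key containing a dot (the behaviour the reply warns about). The sample log line and both patterns are constructed for this example; `dotted_keys` is a small lint that flags any field name containing a dot.

```python
import json
import re

# Constructed, minimal subset of grok base patterns (real grok ships many more).
PATTERNS = {
    "IPORHOST": r"(?:\d{1,3}(?:\.\d{1,3}){3}"
                r"|[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
                r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*)",
    "NUMBER": r"-?\d+(?:\.\d+)?",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
}

# %{PATTERN}, %{PATTERN:[a][b][c]} (nested) or %{PATTERN:a.b.c} (literal key).
SEMANTIC_RE = re.compile(r"%\{(\w+)(?::((?:\[[^\]]+\])+|[\w.]+))?\}")


def compile_grok(pattern):
    """Turn a grok pattern into (compiled regex, group id -> field path)."""
    paths = {}

    def repl(m):
        name, semantic = m.group(1), m.group(2)
        regex = PATTERNS[name]  # KeyError for an unknown base pattern
        if semantic is None:
            return f"(?:{regex})"  # match but do not capture
        gid = f"g{len(paths)}"
        if semantic.startswith("["):
            # ECS-style nesting: [url][domain] -> ["url", "domain"]
            paths[gid] = re.findall(r"\[([^\]]+)\]", semantic)
        else:
            # Legacy-style name: kept verbatim, dots and all, as a single key
            paths[gid] = [semantic]
        return f"(?P<{gid}>{regex})"

    return re.compile(SEMANTIC_RE.sub(repl, pattern)), paths


def grok(pattern, line):
    """Match one line and return a (possibly nested) dict, or None on no match."""
    rx, paths = compile_grok(pattern)
    m = rx.search(line)
    if not m:
        return None
    doc = {}
    for gid, path in paths.items():
        node = doc
        for key in path[:-1]:
            node = node.setdefault(key, {})
        node[path[-1]] = m.group(gid)
    return doc


def dotted_keys(doc, prefix=""):
    """Return full names of every key that contains a literal dot (ECS lint)."""
    bad = []
    for key, value in doc.items():
        full = f"{prefix}{key}"
        if "." in key:
            bad.append(full)
        if isinstance(value, dict):
            bad.extend(dotted_keys(value, full + "."))
    return bad


# Constructed sample line and the two spellings of the same field set.
SAMPLE_LINE = "10.0.0.1 GET /index.html 200"
ECS_PATTERN = ("%{IPORHOST:[source][ip]} %{WORD:[http][request][method]} "
               "%{NOTSPACE:[url][path]} %{NUMBER:[http][response][status_code]}")
LEGACY_PATTERN = ("%{IPORHOST:source.ip} %{WORD:http.request.method} "
                  "%{NOTSPACE:url.path} %{NUMBER:http.response.status_code}")

if __name__ == "__main__":
    for label, pattern in (("nested", ECS_PATTERN), ("dotted", LEGACY_PATTERN)):
        doc = grok(pattern, SAMPLE_LINE)
        print(label, json.dumps(doc, indent=2))
        print("keys containing dots:", dotted_keys(doc))
```

Running it shows the bracket form producing `{"source": {"ip": ...}, "http": {"request": {...}, "response": {...}}, ...}`, whereas the dotted form yields four flat keys that `dotted_keys` reports, which is the shape that conflicts with ECS field definitions.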
Is ECS dead already?
Not at all!