Hi,
I want to migrate to ECS. My current project's log system is below.
My sample data in Kibana is:
{
"_index": "winlogbeat-6.6.1-2020.04.16",
"_type": "doc",
"_id": "ayaGg3EBM9cZYkQ41G7F",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2020-04-16T15:06:22.000Z",
"type": "wineventlog",
"tags": [
"vfde-st1-oil",
"oil",
"Eventlogs"
],
"beat": {
"name": "vfdest1app1",
"hostname": "vfdest1app1",
"version": "6.6.1"
},
"keywords": [
"Classic"
],
"source_name": "WCFProxy",
"opcode": "Info",
"record_number": "96655853",
"level": "Warning",
"host": {
"name": "vfdest1app1"
},
"event_id": 0,
"message": "[I01_SearchCustomer] Error occured while sending metrics. System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.\n at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)\n at System.Net.WebClient.UploadData(Uri address, String method, Byte[] data)\n at Metrics.InfluxDB.Adapters.InfluxdbHttpWriter.WriteToTransport(Byte[] bytes)",
"event_data": {
"param1": "[I01_SearchCustomer] Error occured while sending metrics. System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.\n at System.Net.WebClient.UploadDataInternal(Uri address, String method, Byte[] data, WebRequest& request)\n at System.Net.WebClient.UploadData(Uri address, String method, Byte[] data)\n at Metrics.InfluxDB.Adapters.InfluxdbHttpWriter.WriteToTransport(Byte[] bytes)"
},
"log_name": "Application",
"computer_name": "vfdest1app1.dynacommercelab.com"
},
"fields": {
"@timestamp": [
"2020-04-16T15:06:22.000Z"
]
},
"sort": [
1587049582000
]
}
The ELK version is 6.5. How can I implement ECS here? Is it applicable in ELK version 6.*? I ask because when I tried a demo locally with ELK version 7.6, I could see this kind of log:
{
"_index": "logstash-2020.04.16-000001",
"_type": "_doc",
"_id": "Qn3JgnEBHPoQW-P2PFG_",
"_version": 1,
"_score": null,
"_source": {
"ecs": {
"version": "1.4.0"
},
"log": {
"offset": 6225,
"file": {
"path": "/Applications/XAMPP/xamppfiles/logs/access_log"
}
},
"input": {
"type": "log"
},
"host": {
"id": "58F3EB84-30F4-5DEF-B9D2-02705BF2403E",
"name": "DynaCommerces-MacBook-Pro.local",
"architecture": "x86_64",
"os": {
"platform": "darwin",
"kernel": "19.3.0",
"version": "10.15.3",
"name": "Mac OS X",
"family": "darwin",
"build": "19D76"
},
"hostname": "DynaCommerces-MacBook-Pro.local"
},
"container": {
"id": "access_log"
},
"message": "::1 - - [16/Apr/2020:17:09:16 +0530] \"GET /dashboard/images/favicon.png HTTP/1.1\" 200 2508",
"tags": [
"_grokparsefailure",
"_geoip_lookup_failure"
],
"@timestamp": "2020-04-16T11:39:17.213Z",
"@version": "1",
"agent": {
"ephemeral_id": "dd55171b-95a0-416f-baa0-e093209dde1d",
"id": "55702d48-8015-446a-b833-972797967855",
"version": "7.6.2",
"hostname": "DynaCommerces-MacBook-Pro.local",
"type": "filebeat"
}
},
"fields": {
"@timestamp": [
"2020-04-16T11:39:17.213Z"
]
},
"sort": [
1587037157213
]
}
How can I update my old logs to this current ECS log structure?
Thanks in advance!!
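
An added example, not part of the original post: one way to reshape a Winlogbeat 6.x `_source` like the first sample into ECS-style field names, for use in a reindex step. The rename table, the `winlogbeat` value for `agent.type`, and the helper names are assumptions of this example (the table mirrors the renames Winlogbeat made in 7.0); `ecs.version` 1.4.0 is taken from the 7.6 sample above.

```python
import copy
# Assumed 6.x -> ECS-era renames, mirroring those Winlogbeat made in 7.0;
# verify against the Beats breaking-changes notes before reindexing.
RENAMES = {
    "beat.hostname": "agent.hostname", "beat.version": "agent.version",
    "beat.name": "host.name", "level": "log.level",
    "source_name": "winlog.provider_name", "event_id": "winlog.event_id",
    "record_number": "winlog.record_id", "log_name": "winlog.channel",
    "computer_name": "winlog.computer_name", "keywords": "winlog.keywords",
    "opcode": "winlog.opcode", "event_data": "winlog.event_data",
}

# Constructed sample: the 6.6.1 _source from the post, trimmed.
SAMPLE = {
    "type": "wineventlog", "level": "Warning", "event_id": 0,
    "beat": {"name": "vfdest1app1", "hostname": "vfdest1app1", "version": "6.6.1"},
    "host": {"name": "vfdest1app1"}, "record_number": "96655853",
    "source_name": "WCFProxy", "log_name": "Application",
    "message": "[I01_SearchCustomer] Error occured while sending metrics.",
}

def _pop(doc, dotted):
    # Remove and return a dotted path, pruning parents left empty.
    head, _, rest = dotted.partition(".")
    if not rest:
        return doc.pop(head, None)
    child = doc.get(head)
    if not isinstance(child, dict):
        return None
    value = _pop(child, rest)
    if not child:
        del doc[head]
    return value

def _put(doc, dotted, value):
    # Set a dotted path without overwriting a value that is already there.
    *parents, leaf = dotted.split(".")
    for key in parents:
        doc = doc.setdefault(key, {})
    doc.setdefault(leaf, value)

def to_ecs(source, ecs_version="1.4.0"):
    doc = copy.deepcopy(source)  # leave the caller's document untouched
    for old, new in RENAMES.items():
        if (value := _pop(doc, old)) is not None:  # event_id 0 must survive
            _put(doc, new, value)
    doc.pop("type", None)  # assumption: 6.x "type" is replaced by agent.type
    doc.setdefault("agent", {}).setdefault("type", "winlogbeat")
    doc["ecs"] = {"version": ecs_version}
    return doc
```

Fields not listed in the table (`message`, `tags`, `@timestamp`) pass through unchanged, so the old and new indices can be queried with the same ECS field names afterwards.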