If i add my custom indices in data sources on elastic security
then how should i map field in ecs
Hey there @aditi_salunke -- welcome to the community! 
So when adding custom indices you'll want to use the Elastic Security ECS field reference as a guide for what fields are used in Elastic Security, and for help with the mapping I highly recommend checking out this blog post (for beats), this webinar for both beats/external events and the ecs-mapper tool.
Hope this is helpful, and look forward to hearing your feedback in using Elastic Security! 
Cheers!
Garrett
hi @spong thanks for the help.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.