Which schema to use with Elasticsearch

This is hopefully an easy question for the experts. We just started with an instance of Elasticsearch. And we need to add metadata to a big part of our content. Now the question is: which schema to use? We are aware that there is ECS (https://www.elastic.co/guide/en/ecs/current/index.html). But for the content where we have already metadata included, schema.org (https://schema.org/) is used. Can Elasticsearch easily process data from that schema, too? Are there any problems to be expected if we do not use ECS? What if schemas are "mixed"?
Thank you very much for any feedback.


Well, it depends. If you just want to use Elasticsearch without using Kibana applications or other built-in solutions like observability, security... Then you can use the schema you want.

If you would like to use for example Elastic SIEM, then you should use ECS schema. This is what Elastic tools are using.

You can think of using an ingest pipeline which renames your fields to the ECS model at index time on the fly.
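To make the "rename at index time" suggestion concrete, here is an added example (not code from the thread or from Elastic): it builds the body for an Elasticsearch ingest pipeline made of `rename` processors that move a few schema.org properties onto ECS field names, and it dry-runs the same processors offline so you can check the result before you `PUT` the pipeline. The schema.org-to-ECS mapping, the pipeline id `schemaorg-to-ecs`, the `<ECS_VERSION>` placeholder and the sample document are all assumptions made for this illustration; every property not listed in the mapping is left as it is, which is what a "mixed" document looks like in practice.

```python
"""Added example: map schema.org metadata onto ECS field names with an ingest
pipeline, plus an offline dry run of the same rename/set processors."""
import json
from copy import deepcopy

# Illustrative mapping only (an assumption for this example): which schema.org
# properties get renamed and the ECS field each one lands in. Anything not
# listed stays untouched, so both schemas coexist in one document.
SCHEMA_ORG_TO_ECS = {
    "url": "url.full",              # schema.org url           -> ECS url.full
    "datePublished": "@timestamp",  # schema.org datePublished -> ECS @timestamp
    "author.name": "user.name",     # schema.org author.name   -> ECS user.name
}


def build_pipeline(mapping=SCHEMA_ORG_TO_ECS, ecs_version="<ECS_VERSION>"):
    """Body for `PUT _ingest/pipeline/schemaorg-to-ecs`: one `rename` processor
    per mapped field, then a `set` processor stamping ecs.version.
    `ecs_version` is a placeholder; use the ECS release you actually target."""
    processors = [
        {"rename": {"field": src, "target_field": dst, "ignore_missing": True}}
        for src, dst in mapping.items()
    ]
    processors.append({"set": {"field": "ecs.version", "value": ecs_version}})
    return {"description": "Map schema.org properties onto ECS fields",
            "processors": processors}


# --- Offline dry run. Approximates the rename/set processor semantics:
# dotted names address nested objects, a missing source is skipped only when
# ignore_missing is true, and an existing target field is an error.

def _walk(doc, path, create=False):
    """Return (parent_dict, last_key) for a dotted path; parent is None if an
    intermediate object is absent and create is False."""
    parts = path.split(".")
    cur = doc
    for part in parts[:-1]:
        if part not in cur:
            if not create:
                return None, parts[-1]
            cur[part] = {}
        elif not isinstance(cur[part], dict):
            if not create:
                return None, parts[-1]
            raise ValueError(f"cannot set [{path}]: [{part}] is not an object")
        cur = cur[part]
    return cur, parts[-1]


def _has(doc, path):
    parent, key = _walk(doc, path)
    return parent is not None and key in parent


def apply_pipeline(pipeline, doc):
    """Run the pipeline's rename/set processors over a copy of `doc`."""
    out = deepcopy(doc)
    for proc in pipeline["processors"]:
        (kind, cfg), = proc.items()
        if kind == "rename":
            if not _has(out, cfg["field"]):
                if cfg.get("ignore_missing"):
                    continue
                raise ValueError(f"field [{cfg['field']}] doesn't exist")
            if _has(out, cfg["target_field"]):
                raise ValueError(f"field [{cfg['target_field']}] already exists")
            parent, key = _walk(out, cfg["field"])
            value = parent.pop(key)
            tparent, tkey = _walk(out, cfg["target_field"], create=True)
            tparent[tkey] = value
        elif kind == "set":
            tparent, tkey = _walk(out, cfg["field"], create=True)
            tparent[tkey] = cfg["value"]
        else:
            raise ValueError(f"unsupported processor [{kind}] in dry run")
    return out


# Constructed sample: schema.org JSON-LD as it might be scraped from a page.
SAMPLE_DOC = {
    "@type": "Article",
    "name": "Why ECS?",
    "url": "https://example.org/posts/ecs",
    "datePublished": "2024-05-01T09:00:00Z",
    "author": {"@type": "Person", "name": "Alice"},
}

if __name__ == "__main__":
    print(json.dumps(build_pipeline(), indent=2))
    print(json.dumps(apply_pipeline(build_pipeline(), SAMPLE_DOC), indent=2))
```

The dry run is only a convenience for local testing; the authoritative check is Elasticsearch's own `_ingest/pipeline/_simulate` endpoint with the same pipeline body and sample documents. Once the pipeline is stored, index with `?pipeline=schemaorg-to-ecs` (or set it as the index's default pipeline) so the renaming happens on every write without touching the crawler that produces the schema.org data.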

Hi David, thanks for your answer.
So - if we are using schema.org for certain web content, and on Elasticsearch ECS, can ECS handle the information from schema.org? And what about Kibana? We are using (well, we plan to use) the Kibana visualization dashboard ... Thanks again for any feedback.

If you are indexing web page content, there's no need IMO to use ECS.
