ECS 1.0.0-beta2
Pre-release
Pre-release
This is the second 1.0.0 pre-release of ECS. From 1.0.0-beta2 to 1.0.0 GA, no further breaking changes and no additions or new fields are planned. All new contributions must go into the master branch.
Breaking changes
- Changed
device.*
fields toobserver.*
fields to eliminate user confusion. #238 - Rename
network.total.bytes
tonetwork.bytes
andnetwork.total.packets
tonetwork.packets
. #179 - Remove
network.inbound.bytes
,network.inbound.packets
,
network.outbound.bytes
andnetwork.outbound.packets
. #179 - Changed the
event.type
definition to be only reserved. #242
Bugfixes
- Fix obvious mistake in the definition of "source", where it said "destination"
instead of "source". #211
Added
- Add
host.name
field and clarify usage ofhost.hostname
. #187 - Add
event.start
andevent.end
date fields. #185 - Add
process.thread.id
field. #200 - Add
host.name
field and clarify usage ofhost.hostname
. - Add
event.start
andevent.end
date fields. - Create new
related
field set withrelated.ip
. #206 - Add
user.group
field. #204 - Create new
group
field set withgroup.id
andgroup.name
. #203 - Add
url.full
field. #207 - Add
process.executable
field. #209 - Add
process.working_directory
andprocess.start
. #215 - Reintroduce
http
. #237 - Add
user.full_name
field. #201 - Add
network.community_id
field. #208 - Add fields
geo.country_name
andgeo.region_iso_code
. #214 - Add
event.kind
andevent.outcome
. #242 - Add
client
andserver
objects and fields. #236 - Reintroduce a streamlined
user_agent
field set. #240, #262 - Add
geo.name
for ad hoc location names. #248 - Add
event.timezone
to allow for proper interpretation of incomplete timestamps. #258 - Add fields
source.address
,destination.address
,client.address
, and
server.address
. #247 - Add
os.full
to capture full OS name, including version. #259
Improvements
- Improved the definition of the file fields #196
- Improved the definition of the agent fields #192
- Improve definition of events, logs, and metrics in event section #194
- Improved the definition of network fields in intro section #197
- Improved the definition of host fields #195
- Improved the definitions for
event.category
andevent.action
. #242 - Clarify the semantics of
network.direction
. #212 - Add
source.bytes
,source.packets
,destination.bytes
anddestination.packets
. #179 - Add a readme section to declare some top level field sets are reserved for
future use. #257 - Clarify that
network.transport
,network.type
,network.application
,
andnetwork.protocol
must be lowercase. #251 - Clarify that
http.request.method
must be lowercase. #251 - Clarify that source/destination should be filled, even if client/server is
being used. #265