github elastic/ecs v1.8.0
ECS 1.8.0
on GitHub

latest releases: v8.16.0, v8.11.0, v8.10.0...
3 years ago

In this release, two ECS RFCs are advancing. The multiple users in an event RFC proposed field reuses now appear in the ECS documentation as beta. The host metrics fields are also advancing and are available in the experimental schema and artifacts.

Accompanying the multiple user changes, the user.* fieldset adds ECS' first usage doc. The user usage page contains guidance on categorization, user ids, field reuse, and mapping examples.

The event categorization fields, with the initial set of allowed values, were introduced as beta in ECS 1.4.0. Over the past several ECS released, we've iterated and further fleshed out these fields and values. We're excited to announce that the event categorization fields are now generally available!

In addition to the event categorizations fields becoming GA, two additional event.category allowed values have also been introduced: registry and session.

A new field, os.type, is intended to ease filtering for Windows, Unix, Linux, and macOS events.

Finally, a component template and composable templates (per fieldset) have been added as generated artifacts. The legacy index templates for Elasticsearch 6.x and 7.x are still being maintained. More details covered here.

Changelog

Schema Changes

Bugfixes

  • Clean up event.reference description. #1181
  • Go code generator fails if scaled_float type is used. #1250

Added

  • Added event.category "registry". #1040
  • Added event.category "session". #1049
  • Added usage documentation for user fields. #1066
  • Added user fields at user.effective.*, user.target.* and user.changes.*. #1066
  • Added os.type. #1111

Improvements

  • Event categorization fields GA. #1067
  • Note [ and ] bracket characters may enclose a literal IPv6 address when populating url.domain. #1131
  • Reinforce the exclusion of the leading dot from url.extension. #1151

Deprecated

  • Deprecated host.user.* fields for removal at the next major. #1066

Tooling and Artifact Changes

Bugfixes

  • tracing fields should be at root of Beats fields.ecs.yml artifacts. #1164

Added

  • Added the path key when type is alias, to support the alias field type. #877
  • Added support for scaled_float's mandatory parameter scaling_factor. #1042
  • Added ability for --oss flag to fall back constant_keyword to keyword. #1046
  • Added support in the generated Go source go for wildcard, version, and constant_keyword data types. #1050
  • Added support for marking fields, field sets, or field reuse as beta in the documentation. #1051
  • Added support for constant_keyword's optional parameter value. #1112
  • Added component templates for ECS field sets. #1156, #1186, #1191
  • Added functionality for merging custom and core multi-fields. #982

Improvements

  • Make all fields linkable directly. #1148
  • Added a notice highlighting that the tracing fields are not nested under the
    namespace tracing. #1162
  • ES 6.x template data types will fallback to supported types. #1171, #1176, #1186
  • Add a documentation page discussing the experimental artifacts. #1189
Check out latest releases or
releases around elastic/ecs v1.8.0

Don't miss a new ecs release

NewReleases is sending notifications on new releases.

Get notifications