github elastic/ecs v8.2.0
ECS 8.2.0

2 years ago

What's new in ECS 8.2

Beta additions to the schema

The Linux event model fields

Proposed in RFC 0030, this release introduces a variety of new beta fields that model Linux events in order to drive Session view in Kibana.

The container.* metrics fieldset

Proposed in RFC 0025, this release introduces a beta container.* field set. These additional container metric fields capture container CPU, memory, disk and network performance information.

Tooling improvements

In 8.2, ECS introduces a new optional field definition attribute: pattern. The pattern attribute holds a regular expression (regex) that expresses the expected constraint on a string field's value. This attribute is intended for use in automated testing, to validate the values populating ECS fields.
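One way a test harness could consume the pattern attribute, as an added example that is not part of the ECS tooling: it flattens an event to dotted field names and checks each string value against the field's regex. The field definitions, the example.session_id field and the sample event are constructed for illustration, and treating the pattern as a whole-value constraint is an assumption.

```python
import re

# Constructed definitions shaped like ECS schema entries. Only the `pattern`
# attribute comes from the release notes; the names and regexes here are
# illustrative assumptions, not copied from the ECS schema files.
FIELD_DEFS = [
    {"name": "source.mac", "type": "keyword",
     "pattern": r"^[A-F0-9]{2}(-[A-F0-9]{2}){5,}$"},
    {"name": "example.session_id", "type": "keyword",  # hypothetical field
     "pattern": r"^[0-9a-f]{16}$"},
    {"name": "source.address", "type": "keyword"},     # no pattern: not checked
]

def flatten(doc, prefix=""):
    """Yield (dotted_name, leaf_value); arrays yield one pair per element."""
    for key, value in doc.items():
        name = prefix + key
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, dict):
                yield from flatten(item, name + ".")
            else:
                yield name, item

def validate(doc, field_defs=FIELD_DEFS):
    """Return (field, value, reason) for every value that violates a pattern."""
    patterns = {f["name"]: re.compile(f["pattern"])
                for f in field_defs if "pattern" in f}
    failures = []
    for name, value in flatten(doc):
        regex = patterns.get(name)
        if regex is None:
            continue
        if not isinstance(value, str):
            failures.append((name, value, "not a string"))
        # fullmatch, not search: `$` alone would accept a trailing newline,
        # which lets a value with an embedded line break pass validation.
        elif regex.fullmatch(value) is None:
            failures.append((name, value, "pattern mismatch"))
    return failures

# Constructed sample event: one valid MAC, one in the wrong notation, and a
# session id carrying a trailing newline.
EVENT = {
    "source": {"mac": ["00-00-5E-00-53-23", "00:00:5e:00:53:23"],
               "address": "anything"},
    "example": {"session_id": "0123456789abcdef\n"},
}

if __name__ == "__main__":
    for failure in validate(EVENT):
        print(failure)
```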

Changelog

Schema Changes

Added

  • Add beta container.* metric fields. #1789
  • Add six new syslog fields to log.syslog.*. #1793
  • Added faas.id, faas.name and faas.version fields as beta. #1796
  • Added linux event model beta fields and reuses to support RFC 0030. #1842, #1847, #1884
  • Added threat.feed.dashboard_id, threat.feed.description, threat.feed.name, threat.feed.reference fields. #1844

Improvements

Tooling and Artifact Changes

Added

  • Adding optional field attribute, pattern. #1834
  • Added support for re-using a fieldset as an array. #1838
  • Added --force-docs option to generator. #1879

Improvements

  • Update refs from master to main in USAGE.md etc #1658
  • Clean up trailing spaces and additional newlines in schemas #1667
  • Use higher compression as default in composable index template settings. #1712
