Skip to content

ECS 8.2.0
Compare
Choose a tag to compare
@kgeller kgeller released this 03 May 17:55
· 8 commits to 8.2 since this release
v8.2.0
11a817f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

What's new in ECS 8.2

Beta additions to the schema

The linux event model fields

Proposed in RFC 0030, this release introduces a variety of new beta fields that model a linux event model in order to drive Session view in Kibana.

The container.* metrics fieldset

Proposed in RFC 0025, this release introduces a beta container.* field set. These additional container metric fields capture container CPU, memory, disk and network performance information.

Tooling improvements

In 8.2, ECS has introduced a new optional field definition attribute: pattern. The pattern attribute holds a regular expression (regex) which expresses the expected constraint on a string field's value. This field is intended to be utilized in automated testing for validation of the values populating ECS fields.

Changelog

Schema Changes

Added

  • Add beta container.* metric fields. #1789
  • Add six new syslog fields to log.syslog.*. #1793
  • Added faas.id, faas.name and faas.version fields as beta. #1796
  • Added linux event model beta fields and reuses to support RFC 0030. #1842, #1847, #1884
  • Added threat.feed.dashboard_id, threat.feed.description, threat.feed.name, threat.feed.reference fields. #1844

Improvements

Tooling and Artifact Changes

Added

  • Adding optional field attribute, pattern. #1834
  • Added support for re-using a fieldset as an array. #1838
  • Added --force-docs option to generator. #1879

Improvements

  • Update refs from master to main in USAGE.md etc #1658
  • Clean up trailing spaces and additional newlines in schemas #1667
  • Use higher compression as default in composable index template settings. #1712
Assets 2
Loading