The Elastic Common Schema is a community-driven effort to provide consistent semantic meaning to datasets so that data from disparate sources can be meaningfully used together. In Logstash 8.0, ECS compatibility is on-by-default — this is a pretty major change to how many plugins operate.

In this talk, we outline the rationale behind the transition and also highlight how to opt-OUT of the transition with a simple pipeline setting.

Reference links:

• Demo scripts: https://github.com/yaauie/p2ecs-demo