docs/reference/scripting/grok-syntax.asciidoc
Lines changed: 17 additions & 1 deletion
@@ -11,7 +11,7 @@ fields.
11
11
12
12
[[grok-syntax]]
13
13
==== Grok patterns
14
-
The {stack} ships with numerous https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/grok-patterns[predefined grok patterns] that simplify working with grok. The syntax for reusing grok patterns
14
+
The {stack} ships with numerous https://github.com/elastic/elasticsearch/blob/master/libs/grok/src/main/resources/patterns/legacy/grok-patterns[predefined grok patterns] that simplify working with grok. The syntax for reusing grok patterns
15
15
takes one of the following forms:
16
16
17
17
[%autowidth]
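Review bot: The updated link on the changed line still targets `blob/master`, which is why a file move under `patterns/` required this fix, and it will break again the next time the directory is reorganized. Consider pointing the URL at the branch or tag that matches the documented version instead of `master`. The link text also still reads "predefined grok patterns" although the target is now `patterns/legacy/grok-patterns`. Since this same commit introduces an ECS pattern set, the sentence should say that the linked file is the legacy set, so readers do not assume it is the only one.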
@@ -49,6 +49,22 @@ can match this text by using the following grok expression:
49
49
%{NUMBER:duration} %{IP:client}
50
50
----
51
51
52
+
[[grok-ecs]]
53
+
==== Migrating to Elastic Common Schema (ECS)
54
+
55
+
To ease migration to the {ecs-ref}[Elastic Common Schema (ECS)], a new set of
56
+
ECS-compliant patterns is available in addition to the existing patterns. The
57
+
new ECS pattern definitions capture event field names that are compliant with
58
+
the schema.
59
+
60
+
The ECS pattern set has all of the pattern definitions from the legacy set, and
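Review bot: The new `[[grok-ecs]]` section, in the lines visible here, says the ECS-compliant patterns are "available in addition to the existing patterns" but does not say how to select them or where their definitions live, while the legacy set gets a direct link in the first hunk. Add the equivalent link for the ECS set and the setting that chooses between the two. Because the section states that the ECS definitions "capture event field names that are compliant with the schema", it should also say explicitly that the same pattern can emit different field names depending on the set in use. Mappings, saved queries and detection rules keyed on the legacy names would need updating after a switch, and one side-by-side example of a pattern's captured field names under each set would make that concrete.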