This directory contains the definitions for generating ecs files (templates, docs, etc). The subset format allows us to specify a subset of the ecs schema as well as custom definition to use when generating files.
For example, if you wanted to create a mapping file that only contained host.os.platform you would create a subset file as follows:
host:
fields:
os:
fields:
platform:
fields: "*"Or this shorthand (more info on that in this PR: elastic/ecs#805)
host:
fields:
os:
fields:
platform: {}To generate the ecs files, you will need to clone the ecs repo.
Once you have that cloned, you'll need to install the python package requirements.txt under the scripts directory.
The scripts/generator.py script is used to generate the files. The scripts allows the flags:
-
--outto point to the location to write the generated files -
--includeto point to thecustom_schemasdirectory or wherever your additional schema is located -
--subsetin glob format to point to the subset files to use
cd ecs
python scripts/generator.py --out ../gen --include ../endpoint-app-team/custom_schemas --subset ../endpoint-app-team/custom_subsets/elastic_endpoint/events/*The generated files will be in ../gen
To generate the event schema files in schemas follow the instructions in the event_schema_generator