Allow "message" field to be excluded (#55)

trentm · felixbarny · web-flow · commit aaf458815b39 · 2021-03-24T09:08:26.000-07:00
Some logging libraries (pino for node.js, log4j2 for java) can produce
log records with no message field. ECS' schema does not *require*
"message" and filebeat will injest log records without a message field.

Co-authored-by: Felix Barnsteiner &lt;felixbarny@users.noreply.github.com&gt;
diff --git a/spec/README.md b/spec/README.md
@@ -1,12 +1,12 @@
 # Specification
 
-The specification aims to keep uniformity accross the libraries and to provide a human digestible output while producing a structured format.
+The specification aims to keep uniformity across the libraries and to provide a human digestible output while producing a structured format.
 
 The ordering of the next three keys must be respected in every ecs-logging library (unless the logging framework makes this impossible):
 
 1. `@timestamp`, base field
 2. `log.level`, log field
-3. `message`, base field
+3. `message`, base field (if present)
 
 With the fourth key, `ecs.version` ([core](https://www.elastic.co/guide/en/ecs/current/ecs-ecs.html) field) in the [ND-JSON](https://github.com/ndjson/ndjson-spec) output, we define the *minimum viable product* (MVP) for a log line.
 `ecs.version` must be present in case of appenders that are not adding the `ecs.version` automatically.
@@ -19,6 +19,16 @@ All other keys are not subjected to an order until decided differently and can h
 
 The following example highlights the minimum set of keys in a ND-JSON output.
 
+```json
+{
+    "@timestamp": "2016-05-23T08:05:34.853Z",
+    "log.level": "NOTICE",
+    "ecs.version": "1.4.0"
+}
+```
+
+Most log records will include a "message" field:
+
 ```json
 {
     "@timestamp": "2016-05-23T08:05:34.853Z",
@@ -28,6 +38,7 @@ The following example highlights the minimum set of keys in a ND-JSON output.
 }
 ```
 
+
 ### A richer Event Context
 
 The following example describes a richer set of fields in an event that has not an error context (see [here](#example-error-event)). The mapping can of the example is taken from `ecs-logging-java` and can be found [here](https://github.com/elastic/ecs-logging-java#mapping).
diff --git a/spec/spec.json b/spec/spec.json
@@ -31,9 +31,13 @@
         },
         "message": {
             "type": "string",
-            "required": true,
+            "required": false,
             "index": 2,
-            "url": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html"
+            "url": "https://www.elastic.co/guide/en/ecs/current/ecs-base.html",
+            "comment": [
+                "A message field is typically included in all log records, but some logging libraries allow records with no message.",
+                "That's typically the case for libraries that allow for structured logging."
+            ]
         },
         "ecs.version": {
             "type": "string",
