Schema is an enumerated list of schema used for a parser. It cannot be given with a yaml schema.

Table: Schema

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Oct 6, 2025
ECS_EXTENDED   PreviewThe schema type is Elastic Common Schema extended.
ORIGINAL_CPS   PreviewIndicates Crowdstrike Parsing Standard is used.