Include took_millis field in the default ECS schema for ES Slow Logs

[TristanMa]

Hi Team,

Per my slack convo with @tommyers-elastic I wanted to request that the took_millis field be added to the default ECS mapping for ES Slow Logs to allow for our end users to perform aggregations on their slow logs without having to reindex or change the default index template for Slow Logs to update the current elasticsearch.slowlog.tookfrom keyword to init

Current ECS Mapping for Slow Logs: https://docs.elastic.co/en/integrations/elasticsearch#slowlog Default Slow Log Output: https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-slowlog.html#_identifying_search_slow_log_origin

Older Request from the Filebeat Module for Slow Logs with similar request: https://github.com/elastic/beats/issues/15088

[botelastic[bot]]

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!