diff --git a/CHANGELOG.next.md b/CHANGELOG.next.md index 53326e13b3..e55b04329d 100644 --- a/CHANGELOG.next.md +++ b/CHANGELOG.next.md @@ -16,6 +16,7 @@ * Added `.nat.ip` and `.nat.port` to `source`, `destination`, `client` and `server`. #491 * Added `as` fields for Autonomous System information (i.e. ASN). #341 * Added `process.thread.name` field. #517 +* Added `log.logger` field. #521 ### Improvements diff --git a/code/go/ecs/log.go b/code/go/ecs/log.go index 11f3ab8feb..492319a8b8 100644 --- a/code/go/ecs/log.go +++ b/code/go/ecs/log.go @@ -34,4 +34,8 @@ type Log struct { // This field is not indexed and doc_values are disabled so it can't be // queried but the value can be retrieved from `_source`. Original string `ecs:"original"` + + // The name of the logger inside an application. This is usually the name + // of the class which initialized the logger, or can be a custom name. + Logger string `ecs:"logger"` } diff --git a/docs/field-details.asciidoc b/docs/field-details.asciidoc index 0a9c58eb89..cbdba72a43 100644 --- a/docs/field-details.asciidoc +++ b/docs/field-details.asciidoc @@ -1842,6 +1842,17 @@ example: `err` // =============================================================== +| log.logger +| The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. + +type: keyword + +example: `org.elasticsearch.bootstrap.Bootstrap` + +| core + +// =============================================================== + | log.original | This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/beats/fields.ecs.yml b/generated/beats/fields.ecs.yml index 59fe6ddde0..e775db6cec 100644 --- a/generated/beats/fields.ecs.yml +++ b/generated/beats/fields.ecs.yml 
@@ -1378,6 +1378,13 @@ Some examples are `warn`, `error`, `i`.' example: err + - name: logger + level: core + type: keyword + ignore_above: 1024 + description: The name of the logger inside an application. This is usually the + name of the class which initialized the logger, or can be a custom name. + example: org.elasticsearch.bootstrap.Bootstrap - name: original level: core type: keyword diff --git a/generated/csv/fields.csv b/generated/csv/fields.csv index c6fb2d2db6..56f46cb973 100644 --- a/generated/csv/fields.csv +++ b/generated/csv/fields.csv @@ -179,6 +179,7 @@ http.response.bytes,long,extended,1437,1.1.0-dev http.response.status_code,long,extended,404,1.1.0-dev http.version,keyword,extended,1.1,1.1.0-dev log.level,keyword,core,err,1.1.0-dev +log.logger,keyword,core,org.elasticsearch.bootstrap.Bootstrap,1.1.0-dev log.original,keyword,core,Sep 19 08:26:10 localhost My log,1.1.0-dev network.application,keyword,extended,aim,1.1.0-dev network.bytes,long,core,368,1.1.0-dev diff --git a/generated/ecs/ecs_flat.yml b/generated/ecs/ecs_flat.yml index 1ccb6835ef..1b6b9e5b45 100644 --- a/generated/ecs/ecs_flat.yml +++ b/generated/ecs/ecs_flat.yml @@ -1966,6 +1966,17 @@ log.level: order: 0 short: Log level of the log event. type: keyword +log.logger: + description: The name of the logger inside an application. This is usually the name + of the class which initialized the logger, or can be a custom name. + example: org.elasticsearch.bootstrap.Bootstrap + flat_name: log.logger + ignore_above: 1024 + level: core + name: logger + order: 2 + short: Name of the logger. + type: keyword log.original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/ecs/ecs_nested.yml b/generated/ecs/ecs_nested.yml index 25c2064a24..303d9db342 100644 --- a/generated/ecs/ecs_nested.yml +++ b/generated/ecs/ecs_nested.yml 
@@ -2255,6 +2255,17 @@ log: order: 0 short: Log level of the log event. type: keyword + logger: + description: The name of the logger inside an application. This is usually the + name of the class which initialized the logger, or can be a custom name. + example: org.elasticsearch.bootstrap.Bootstrap + flat_name: log.logger + ignore_above: 1024 + level: core + name: logger + order: 2 + short: Name of the logger. + type: keyword original: description: 'This is the original log message and contains the full log message before splitting it up in multiple parts. diff --git a/generated/elasticsearch/6/template.json b/generated/elasticsearch/6/template.json index 3976add917..022ab93eb8 100644 --- a/generated/elasticsearch/6/template.json +++ b/generated/elasticsearch/6/template.json @@ -858,6 +858,10 @@ "ignore_above": 1024, "type": "keyword" }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/generated/elasticsearch/7/template.json b/generated/elasticsearch/7/template.json index d901f896dc..3a2b853572 100644 --- a/generated/elasticsearch/7/template.json +++ b/generated/elasticsearch/7/template.json @@ -857,6 +857,10 @@ "ignore_above": 1024, "type": "keyword" }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/generated/legacy/template.json b/generated/legacy/template.json index c728fecef3..392bc223f1 100644 --- a/generated/legacy/template.json +++ b/generated/legacy/template.json @@ -555,6 +555,10 @@ "ignore_above": 1024, "type": "keyword" }, + "logger": { + "ignore_above": 1024, + "type": "keyword" + }, "original": { "doc_values": false, "ignore_above": 1024, diff --git a/schema.json b/schema.json index 4298180e8e..bfc0d4a708 100644 --- a/schema.json +++ b/schema.json 
@@ -1326,6 +1326,16 @@ "required": false, "type": "keyword" }, + "log.logger": { + "description": "The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name.", + "example": "org.elasticsearch.bootstrap.Bootstrap", + "footnote": "", + "group": 2, + "level": "core", + "name": "log.logger", + "required": false, + "type": "keyword" + }, "log.original": { "description": "This is the original log message and contains the full log message before splitting it up in multiple parts.\nIn contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message.\nThis field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`.", "example": "Sep 19 08:26:10 localhost My log", diff --git a/schemas/log.yml b/schemas/log.yml index 2a0a5e235c..3bc05c30a2 100644 --- a/schemas/log.yml +++ b/schemas/log.yml @@ -35,3 +35,11 @@ This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. + + - name: logger + level: core + type: keyword + example: org.elasticsearch.bootstrap.Bootstrap + short: Name of the logger. + description: > + The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name.
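Review bot: The new `logger` entry at the end of the schemas/log.yml hunk says nothing about the indexing limit that the artifacts generated from it apply: the fields.ecs.yml and template.json hunks on this page map it as `keyword` with `ignore_above: 1024` (presumably the generator default, since the entry sets no `ignore_above` itself), which means a logger name longer than 1024 characters is retained in `_source` but not indexed, so searches and detection rules filtering on `log.logger` silently skip those documents. Because the schema description is the text every generated artifact copies, consider adding one sentence to it, e.g. `Values longer than 1024 characters are kept in _source but not indexed.`, or state the limit deliberately with `ignore_above: 1024` next to `type: keyword` rather than inheriting it. The phrase "usually the name of the class which initialized the logger" and the `Bootstrap` example read as Java-specific; loggers in other runtimes are commonly module or package names, so a wording such as "the class, module or package that created the logger" would cover them. The `original` entry this field is appended after begins outside the hunk.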