James Rodewig
d9597da0ef
[DOCS] Update security prereqs for delete async EQL API (#75091)
2021-07-12 08:49:55 -04:00
James Rodewig
4e005c041c
[DOCS] EQL: Fix delete async EQL search snippet (#75093)
...
The delete async EQL search API doesn't support the `keep_alive` query parameter.
2021-07-07 16:49:22 -04:00
James Rodewig
3971522c65
[DOCS] EQL: Document cross-cluster search support (#74995) (#75045)
...
Closes #74842.
2021-07-07 09:41:07 -04:00
Marios Trivyzas
dd302dcfef
EQL: [Docs] Add documentation for the CircuitBreaker (#74897)
...
Add documentation for the newly introduced CircuitBreaker, which is
used to restrict the memory usage for an EQL sequence query to avoid
OutOfMemory exceptions.
Follows: #74381
2021-07-07 09:20:25 +02:00
James Rodewig
845446aec3
[DOCS] EQL: Remove erroneous CSS reference
2021-07-01 17:05:44 -04:00
James Rodewig
70764de4b6
[DOCS] Move EQL APIs to separate page (#74846)
...
In preparation for #74845, we need to create formal API reference documentation for our SQL APIs.
Due to the number of SQL APIs, we'll likely need to create a separate nested page for them. For parity, this PR moves
our EQL APIs to a separate page as well. Previously, they were listed under our search APIs.
2021-07-01 13:59:35 -04:00
James Rodewig
d522c28533
[DOCS] Reword EQL limitations intro.
2021-07-01 10:24:32 -04:00
James Rodewig
c7d59f0a4d
[DOCS] EQL: Note EQL uses `fields` parameter (#74194)
2021-06-16 13:01:02 -04:00
James Rodewig
975ae227fc
[DOCS] Fix typo in modulo example
2021-06-03 08:21:29 -04:00
James Rodewig
5729bb8d49
[DOCS] Update alias references (#73427)
...
Updates several `index aliases` references to `aliases`.
2021-05-27 16:00:57 -04:00
James Rodewig
39a0314d30
[DOCS] Update alias xrefs (#73380)
...
Updates several internal 'alias' xrefs to point to the aliases guide rather than
API docs.
2021-05-25 16:19:00 -04:00
James Rodewig
dc1bf6eff9
[DOCS] EQL: Note CCS is not supported (#72975)
2021-05-12 09:19:29 -04:00
James Rodewig
965baad5c4
[DOCS] EQL: Update tiebreaker docs for implicit tiebreaker (#72808)
2021-05-06 14:48:46 -04:00
James Rodewig
44f3551786
[DOCS] EQL: Use ECS example in EQL syntax docs (#72414)
2021-04-28 14:02:12 -04:00
James Rodewig
889197f8d0
[DOCS] Fix formatting
2021-04-28 11:40:33 -04:00
James Rodewig
13179c71b6
[DOCS] EQL: Shorten response snippets (#72330)
...
Shortens several lengthy response snippets to better highlight the
relevant parts.
2021-04-27 16:02:45 -04:00
James Rodewig
f8d2578ede
[DOCS] EQL: Remove wildcard function (#72121)
2021-04-22 15:49:07 -04:00
James Rodewig
3f2eb32afc
[DOCS] Sync EQL docs with `fields` param updates (#72008)
2021-04-21 09:13:27 -04:00
Adam Locke
6dfd92c46f
[DOCS] Focus retrieving selected fields on fields parameter (#71506)
...
* [DOCS] Focus retrieving selected fields on fields parameter
* Incorporating changes from reviews
* Adding clarifications from review feedback
* Slight wording revisions.
* Clarify language around format parameter and move text out of callout.
2021-04-20 15:11:35 -04:00
James Rodewig
07fade1d27
[DOCS] EQL/SQL: Document `runtime_fields` parameter (#71487)
2021-04-19 09:15:12 -04:00
James Rodewig
de228ee153
[DOCS] Reorder EQL sections. Remove duplicated content. (#71477)
2021-04-08 10:45:33 -04:00
James Rodewig
f41320616c
[DOCS] Refactor data stream setup tutorial (#71074)
2021-03-31 17:28:55 -04:00
James Rodewig
693807a6d3
[DOCS] Fix double spaces (#71082)
2021-03-31 09:57:47 -04:00
James Rodewig
fdbea16e15
[DOCS] Move EQL event category section (#70955)
...
Combines the basic syntax and event category sections for better visibility.
2021-03-29 09:40:34 -04:00
James Rodewig
6504b541e9
[DOCS] EQL: Use data streams in docs (#70822)
2021-03-25 09:41:06 -04:00
James Rodewig
321f46e187
[DOCS] EQL: Document Unicode escape sequences (#70694)
2021-03-23 08:10:03 -04:00
James Rodewig
cbfe969634
[DOCS] EQL: Remove unneeded words in escape sequence table
2021-03-22 16:45:49 -04:00
James Rodewig
75b0917ca1
[DOCS] Fix EQL heading levels (#70255)
...
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2021-03-10 14:20:22 -05:00
James Rodewig
5bf7a0a995
[DOCS] Add fields param xref
2021-03-08 16:40:11 -05:00
James Rodewig
783769d8d9
[DOCS] Add `fields` parameter to EQL search API (#69634)
2021-03-01 12:00:27 -05:00
James Rodewig
593cac391d
[DOCS] Make whitespace consistent in JSON snippets
2021-02-25 16:12:47 -05:00
James Rodewig
3ff1a17a79
[DOCS] EQL: Document field existence checks (#69614)
2021-02-25 12:04:22 -05:00
James Rodewig
8e09c3d7bd
[DOCS] EQL: Clarify support for text fields (#69229)
2021-02-18 18:57:49 -05:00
James Rodewig
31fc59efdf
[DOCS] Fix capitalization for Query DSL (#69236)
2021-02-18 18:57:19 -05:00
James Rodewig
13a077bd59
[DOCS] EQL: Update differences from Endgame EQL syntax (#69124)
2021-02-17 10:11:51 -05:00
James Rodewig
5eb0a9528a
[DOCS] EQL: Document `like` and `regex` keywords (#68932) (#69052)
2021-02-16 11:34:03 -05:00
James Rodewig
293fcd4c41
[DOCS] EQL: Minor doc fixes (#68927)
2021-02-11 13:44:01 -05:00
Mayya Sharipova
6521d2af27
Introduce eql search status API (#68065)
...
Introduce eql search status API,
that reports the status of eql stored or async search.
GET _eql/search/status/<id>
The API is restricted to the monitoring_user role.
For a running eql search, a response has the following format:
{
  "id" : <id>,
  "is_running" : true,
  "is_partial" : true,
  "start_time_in_millis" : 1611690235000,
  "expiration_time_in_millis" : 1611690295000
}
For a completed eql search, a response has the following format:
{
  "id" : <id>,
  "is_running" : false,
  "is_partial" : false,
  "expiration_time_in_millis" : 1611690295000,
  "completion_status" : 200
}
Closes #66955
2021-02-11 09:30:13 -05:00
James Rodewig
babf3eb081
[DOCS] EQL: Remove duplicate case-sensitivity info (#68860)
2021-02-10 14:27:29 -05:00
James Rodewig
6378c57ca0
[DOCS] EQL: Add `filter_path` param to EQL search API docs (#68537)
2021-02-04 13:39:01 -05:00
James Rodewig
ab3f8f5067
[DOCS] EQL: Add case-insensitive `~` operator (#68217)
...
Documents the case-insensitive `~` operator for `in` and string functions.
Relates to #67869 and #68176
2021-01-29 13:50:57 -05:00
James Rodewig
c4ab89f3f7
[DOCS] EQL: Add security privileges to EQL search docs (#68017)
2021-01-27 16:25:05 -05:00
James Rodewig
cb3e0051e0
[DOCS] Make cat API verbose query param explicit (#67300)
2021-01-11 17:19:23 -05:00
James Rodewig
14b381a2ad
[DOCS] EQL: Change `result_position` default to `tail` (#66550)
2020-12-18 08:38:45 -05:00
James Rodewig
9b3bb56179
[DOCS] EQL: Move to GA (#65955)
2020-12-09 08:48:23 -05:00
James Rodewig
6a09df8520
[DOCS] EQL: Add diagrams for sequence matching (#65898)
2020-12-07 07:55:38 -05:00
James Rodewig
ef6fb59ec3
[DOCS] EQL: Document how sequence queries handle matches (#65794)
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-12-04 09:34:38 -05:00
James Rodewig
2044caa667
[DOCS] EQL: Document ? wildcard (#65698)
2020-12-03 12:14:38 -05:00
Howard
bcea87f3a3
[DOCS] Fix EQL syntax formatting (#65711)
2020-12-02 08:51:39 -05:00
James Rodewig
1c3ddf8ff1
[DOCS] EQL: Flatten EQL syntax headings (#65693)
2020-12-01 12:56:12 -05:00