root
/
elasticsearch
mirror of https://github.com/elastic/elasticsearch.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
59,930 Commits 501 Branches 435 Tags 2.6 GiB
Commit Graph

62 Commits

Author SHA1 Message Date
James Rodewig 3971522c65
[DOCS] EQL: Document cross-cluster search support (#74995) (#75045) 
Closes #74842.
 2021-07-07 09:41:07 -04:00
James Rodewig d522c28533 [DOCS] Reword EQL limitations intro. 2021-07-01 10:24:32 -04:00
James Rodewig c7d59f0a4d
[DOCS] EQL: Note EQL uses `fields` parameter (#74194) 2021-06-16 13:01:02 -04:00
James Rodewig dc1bf6eff9
[DOCS] EQL: Note CCS is not supported (#72975) 2021-05-12 09:19:29 -04:00
James Rodewig 44f3551786
[DOCS] EQL: Use ECS example in EQL syntax docs (#72414) 2021-04-28 14:02:12 -04:00
James Rodewig fdbea16e15
[DOCS] Move EQL event category section (#70955) 
Combines the basic syntax and event category sections for better visibility.
 2021-03-29 09:40:34 -04:00
James Rodewig 321f46e187
[DOCS] EQL: Document Unicode escape sequences (#70694) 2021-03-23 08:10:03 -04:00
James Rodewig cbfe969634 [DOCS] EQL: Remove unneded words in escape sequence table 2021-03-22 16:45:49 -04:00
James Rodewig 3ff1a17a79
[DOCS] EQL: Document field existence checks (#69614) 2021-02-25 12:04:22 -05:00
James Rodewig 8e09c3d7bd
[DOCS] EQL: Clarify support for text fields (#69229) 2021-02-18 18:57:49 -05:00
James Rodewig 13a077bd59
[DOCS] EQL: Update differences from Endgame EQL syntax (#69124) 2021-02-17 10:11:51 -05:00
James Rodewig 5eb0a9528a
[DOCS] EQL: Document `like` and `regex` keywords (#68932) (#69052) 2021-02-16 11:34:03 -05:00
James Rodewig 293fcd4c41
[DOCS] EQL: Minor doc fixes (#68927) 2021-02-11 13:44:01 -05:00
James Rodewig babf3eb081
[DOCS] EQL: Remove duplicate case-sensitivity info (#68860) 2021-02-10 14:27:29 -05:00
James Rodewig ab3f8f5067
[DOCS] EQL: Add case-insensitive `~` operator (#68217) 
Documents the case-insensitive `~` operator for `in` and string functions.

Relates to #67869 and #68176
 2021-01-29 13:50:57 -05:00
James Rodewig 9b3bb56179
[DOCS] EQL: Move to GA (#65955) 2020-12-09 08:48:23 -05:00
James Rodewig 6a09df8520
[DOCS] EQL: Add diagrams for sequence matching (#65898) 2020-12-07 07:55:38 -05:00
James Rodewig ef6fb59ec3
[DOCS] EQL: Document how sequence queries handle matches (#65794) 
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-04 09:34:38 -05:00
James Rodewig 2044caa667
[DOCS] EQL: Document ? wildcard (#65698) 2020-12-03 12:14:38 -05:00
Howard bcea87f3a3
[DOCS] Fix EQL syntax formatting (#65711) 2020-12-02 08:51:39 -05:00
James Rodewig 1c3ddf8ff1
[DOCS] EQL: Flatten EQL syntax headings (#65693) 2020-12-01 12:56:12 -05:00
James Rodewig a18b87ddc1
[DOCS] Flatten EQL syntax headings (#65497) 2020-11-25 10:30:24 -05:00
James Rodewig b9ee0b3b48
[DOCS] EQL: Add lookup support to `:` operator (#65262) 2020-11-24 10:48:41 -05:00
James Rodewig ce644909dc
[DOCS] EQL: Add wildcard support to `:` operator (#65237) 2020-11-19 08:26:13 -05:00
James Rodewig b2b676d7d6 [DOCS] Remove italics formatting 2020-11-03 15:49:52 -05:00
James Rodewig 1c0380dc21
[DOCS] EQL: Fix operator docs (#64286) 2020-10-28 10:27:17 -04:00
James Rodewig c6a13d1cee
[DOCS] EQL: Remove `match` fn (#63271) 2020-10-14 09:57:29 -04:00
James Rodewig f41de1bdce
[DOCS] EQL: Add `:` operator, remove wildcard operator (#63195) 2020-10-14 09:06:37 -04:00
James Rodewig 8527183f91
[DOCS] EQL: Remove Endgame EQL refs (#63636) 2020-10-14 08:34:11 -04:00
James Rodewig e0cc841a60
[DOCS] EQL: Document multi-value field support (#63622) 2020-10-13 12:26:07 -04:00
James Rodewig 04c8ad3ced
[DOCS] EQL: Move to beta (#63284) 2020-10-12 08:55:16 -04:00
James Rodewig 0aa0811aba
[DOCS] Make EQL case-sensitive by default (#63270) 2020-10-05 15:29:48 -04:00
James Rodewig cb9e61fae5
[DOCS] EQL: Update grammary for escaped event categories (#63202) 2020-10-02 15:03:29 -04:00
James Rodewig daef606de7
[DOCS] EQL: Replace ?"..." with """...""" for raw strings (#63191) 2020-10-02 11:20:24 -04:00
James Rodewig 1b878c8775
[DOCS] EQL: Reorganize EQL syntax sections (#63179) 2020-10-02 09:46:27 -04:00
James Rodewig d8cfd569e6
[DOCS] Document escaped backticks for identifiers (#63079) 2020-09-30 11:56:23 -04:00
James Rodewig 844558069b
[DOCS] EQL: Clarify EQL docs (#62961) 2020-09-28 15:29:35 -04:00
James Rodewig acac14a35f [DOCS] EQL: Note = is not an equality operator 2020-09-22 13:54:19 -04:00
James Rodewig 6b36be281a
[DOCS] EQL: Disallow chained comparisons (#62570) 2020-09-18 08:26:48 -04:00
James Rodewig 0e1aa14bc8
[DOCS] EQL: Remove support for single quote strings (#62479) 2020-09-17 09:19:04 -04:00
James Rodewig db52f8485b [DOCS] EQL: Clarify wildcard operator 2020-09-16 11:05:00 -04:00
James Rodewig 9e325bb810 [DOCS] EQL: Make operator refs consistent 2020-09-16 11:03:09 -04:00
James Rodewig 7274b42a14 [DOCS] EQL: Move comparison operator defs 2020-09-16 10:54:02 -04:00
James Rodewig b5fc25cf1f
[DOCS] Remove collapsible examples in EQL syntax docs (#62220) 2020-09-10 09:39:17 -04:00
James Rodewig 21deb3b7ea
[DOCS] EQL: Clarify until keyword docs (#61794) 2020-09-01 13:37:24 -04:00
James Rodewig 904c866060 [DOCS] Fix EQL syntax admon 2020-08-26 13:39:23 -04:00
James Rodewig dca46c29ff
[DOCS] Refactor EQL docs (#60700) 
Changes:

* Moves sample data to reusable rest test
* Combines EQL index, requirements, and run a search pages
* Combines EQL syntax and limitations pages
* Adds related redirects
 2020-08-05 10:11:02 -04:00
James Rodewig d250f94374
[DOCS] Fix syntax and wording in EQL docs (#59623) 2020-07-15 14:27:02 -04:00
James Rodewig 25c6a125c5
[DOCS] EQL: Document `until` keyword support (#59320) 2020-07-13 08:42:27 -04:00
James Rodewig 747e61508a
[DOCS] EQL: Prepare docs for release (#59259) 
Changes:

* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
  released branches
 2020-07-13 08:40:38 -04:00