c5df35eba1
[DOCS] EQL: Document unsupported var comparison ( #58941 )
...
ES EQL queries do not support the comparison of a variable, such as
a field value, to another variable.
This adds a related para and example to the EQL syntax docs.
2020-07-08 08:54:22 -04:00
7c23933ec7
[DOCS] EQL: Document `maxspan` keyword ( #58931 )
2020-07-08 08:52:36 -04:00
2be9db01c8
[DOCS] Replace `datatype` with `data type` ( #58972 )
2020-07-07 13:52:10 -04:00
b5e374d958
[DOCS] Change Beats links to refactored getting started docs ( #58790 )
2020-07-02 17:10:09 -07:00
f18e136400
[DOCS] Fix xref format in async EQL search docs
2020-06-30 09:36:08 -04:00
cc3bd3974f
[DOCS] EQL: Document `head` and `tail` pipes ( #58673 )
2020-06-30 08:35:37 -04:00
29da275b0a
[DOCS] EQL: Remove fields from EQL search response ( #58667 )
2020-06-29 09:19:07 -04:00
d6731d659d
Update JSON results in EQL docs
2020-06-27 09:45:50 +03:00
4521ca3367
EQL: Add Head/Tail pipe support ( #58536 )
...
Introduce pipe support, in particular head and tail
(which can also be chained).
2020-06-27 09:08:03 +03:00
d14b7d5399
[DOCS] EQL: Remove references to partial async EQL results ( #58548 )
...
Removes references to partial results from the async EQL search docs.
If an EQL search does not complete during the `wait_for_completion_timeout`
timeout period, it returns no results.
2020-06-26 10:27:30 -04:00
662cf81bbc
[DOCS] Fix EQL search snippet for tiebreaker example ( #58545 )
2020-06-25 09:23:50 -04:00
07874ec357
[DOCS] EQL: Document search API's `tiebreaker_field` param ( #57935 )
2020-06-25 08:44:34 -04:00
7f5b72741e
[DOCS] EQL: Correct EQL search API's `size` param def
...
The `size` parameter can be used to limit matching events or sequences.
2020-06-10 10:13:18 -04:00
6d7acd0d94
[DOCS] EQL: Document delete async search API ( #57732 )
2020-06-05 12:45:09 -04:00
d197a85ee5
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-06-04 15:50:40 -04:00
b30cc2b399
[DOCS] EQL: Add `dev` admonition to EQL pages ( #57531 ) ( #57534 )
...
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 11:04:56 -04:00
982f168fd8
[DOCS] EQL: Add `dev` admonition to EQL pages ( #57531 )
...
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 10:47:53 -04:00
34c4505a2f
[DOCS] EQL: Fix hits param for sequences ( #57410 ) ( #57525 )
2020-06-02 09:38:21 -04:00
f1b8df93cd
[DOCS] EQL: Fix hits param for sequences ( #57410 )
2020-06-02 09:22:14 -04:00
8b9293b3bf
[DOCS] Replace docdir attribute with es-repo-dir ( #57489 )
2020-06-01 15:55:05 -07:00
78146bbca9
[DOCS] EQL: Document get async EQL search API ( #57366 )
2020-05-30 08:42:30 -04:00
39df45e156
Fix EQL doc tests after master merge
2020-05-27 09:19:50 -04:00
a301eab85b
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-05-27 08:55:02 -04:00
8a086ba05d
[DOCS] EQL: Fix whitespace in EQL snippet
2020-05-19 17:04:20 -04:00
c13c7aa681
[DOCS] EQL: Add sequence example to tutorial ( #56965 )
...
Adds an example using the sequence syntax to the 'Run an EQL search'
tutorial.
Supplements other examples added with #56721
2020-05-19 15:59:18 -04:00
27cab68912
[DOCS] Add leading slashes to EQL API examples
2020-05-19 15:38:04 -04:00
a3b55d477b
[DOCS] EQL: Fix merge conflict in search API docs
2020-05-19 12:54:41 -04:00
0b557e4c93
[DOCS] EQL: Fix API example headings
2020-05-18 16:28:57 -04:00
dd2ac8ea04
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-05-15 15:32:55 -04:00
19699af81e
[DOCS] EQL: Document `case_sensitive` param ( #56697 )
2020-05-15 09:21:11 -04:00
7c679614cd
[DOCS] EQL: Align comments in `between` fn examples
2020-05-15 09:20:27 -04:00
aa6c4928e8
[DOCS] EQL: Remove references to arrays/multi-value fields ( #56772 )
2020-05-15 09:08:02 -04:00
949a2927ed
[DOCS] EQL: Document `number` function ( #56770 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 15:22:04 -04:00
aee5618001
[DOCS] EQL: Document async search submits ( #56704 )
2020-05-14 11:54:15 -04:00
15431f2447
[DOCS] EQL: Document sequences ( #56721 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 11:01:07 -04:00
fcebd4fd02
EQL: Adds an ability to start an asynchronous EQL search ( #56631 )
...
Adds support for async searches to eql search API. This commit is limited to
only submitting search API requests and doesn't provide APIs to get results
nor delete the results. These functions will be added in follow up PRs.
Relates to #49638
2020-05-13 09:50:15 -04:00
918ef65c67
[DOCS] Sort EQL search API params alphabetically
2020-05-12 13:51:53 -04:00
883bb29152
[DOCS] EQL: Document math functions ( #55810 )
...
Documents the following EQL functions:
* `add`
* `divide`
* `module`
* `multiply`
* `subtract`
2020-05-07 08:53:08 -04:00
c7ac7e005c
[DOCS] EQL: Document `concat` function ( #56239 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-05 16:41:59 -04:00
038c20b256
[DOCS] EQL: Add collapsible sections to EQL tutorial docs ( #56235 )
...
Adds collapsible sections to the snippet examples of the EQL tutorial
docs.
Also adds a leading slash to EQL API snippet examples.
2020-05-05 16:29:11 -04:00
80f503257b
[DOCS] EQL: Add collapsible sections to EQL search API response ( #56232 )
...
Add collapsible sections to the response parameter docs
of the EQL search API.
Also clarifies some language regarding documents and
events.
2020-05-05 15:59:19 -04:00
7156f40d46
[DOCS] EQL: Document `match` function ( #56134 )
2020-05-05 11:48:40 -04:00
e12419b276
[DOCS] EQL: Document nested field support ( #56138 )
...
Notes that you cannot use EQL in ES to search the values of `nested`
fields or their sub-fields. However, indices containing `nested` field
mappings are otherwise supported.
2020-05-05 11:26:20 -04:00
a7729c8e31
[DOCS] EQL: Remove case sensitivity from function docs ( #55063 )
...
Per #54411 , we plan to handle case sensitivity via a parameter for the
EQL search API (with the possible exception of the `between` function).
This removes references and examples related to case sensitivity from
the EQL functions docs.
2020-05-05 09:25:55 -04:00
991899ed47
[DOCS] EQL: Add advantages to overview ( #53452 )
...
Adds a concise list of EQL advantages, based on the "EQL Advantages"
section in the [EQL for the masses][0] blog post.
The intent is to inform users how EQL could benefit at a high level.
[0]: https://www.elastic.co/blog/eql-for-the-masses
Co-Authored-By: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-04-30 12:57:32 -04:00
6c26c4b768
[DOCS] EQL: Correct `cidrMatch` function heading ( #55935 )
2020-04-29 10:01:20 -04:00
8918eefa9e
[DOCS] Update attribute for multi arg footnotes ( #55860 )
2020-04-29 08:57:21 -04:00
c69eda2d6a
[DOCS] EQL: Fix whitespace in `stringContains` docs
2020-04-27 15:52:16 -04:00
cde5fc1ac5
[DOCS] EQL: Document `stringContains` function ( #54968 )
2020-04-24 14:53:29 -04:00
32317a6910
[DOCS] Document EQL search REST API ( #52384 )
2020-04-24 14:25:33 -04:00
James Rodewig
DeDe Morton
Costin Leau
Costin Leau
Igor Motov
Lisa Cawley