root
/
elasticsearch
mirror of https://github.com/elastic/elasticsearch.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
53,920 Commits 501 Branches 435 Tags 2.6 GiB
Commit Graph

89 Commits

Author SHA1 Message Date
James Rodewig 441c3a21b1
[DOCS] Update my-index examples (#60132) 
Changes the following example index names to `my-index-000001` for consistency:

* `my-index`
* `my_index`
* `myindex`
 2020-07-27 14:46:39 -04:00
James Rodewig 2774cd6938
[DOCS] Swap `[float]` for `[discrete]` (#60124) 
Changes instances of `[float]` in our docs for `[discrete]`.

Asciidoctor prefers the `[discrete]` tag for floating headings:
https://asciidoctor.org/docs/asciidoc-asciidoctor-diffs/#blocks
 2020-07-23 11:48:22 -04:00
James Rodewig 861892add4
[DOCS] EQL: Remove collapsible sections from EQL search docs (#59819) 2020-07-20 08:50:19 -04:00
James Rodewig 5be36b41d4
[DOCS] EQL: Update EQL search response format (#59554) 2020-07-15 16:52:32 -04:00
James Rodewig d250f94374
[DOCS] Fix syntax and wording in EQL docs (#59623) 2020-07-15 14:27:02 -04:00
James Rodewig adc520b7c2 [DOCS] Note that EQL timestamp field can also be date_nanos 2020-07-15 09:53:43 -04:00
Costin Leau bccfbcd81f
EQL: Improve retrieval of results (#59552) 
Instead of retrieving an entire SearchHit, get just a reference and 
postpone the document retrieval when assembling the final results.
Remove sort information from results to make them consistent.
Move TumblingWindow under the sequence package.

Co-authored-by: James Rodewig <james.rodewig@elastic.co>
 2020-07-14 23:26:25 +03:00
James Rodewig 25c6a125c5
[DOCS] EQL: Document `until` keyword support (#59320) 2020-07-13 08:42:27 -04:00
James Rodewig 747e61508a
[DOCS] EQL: Prepare docs for release (#59259) 
Changes:

* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
  released branches
 2020-07-13 08:40:38 -04:00
James Rodewig 284ee85efd
[DOCS] Add data streams to EQL search docs (#58611) 2020-07-13 08:38:01 -04:00
Andrei Stefan 6ede6c59ef
Remove search_after and implicit_join_key_field (#59232) 2020-07-09 11:17:37 +03:00
James Rodewig 52bfe9eb9a
[DOCS] EQL: Document `size` limit for pipes (#59085) 
Changes:
* Documents the `size` default as `10`.
* Updates `size` param def to note its relation to pipes.
* Updates the `head` and `tail` pipe docs to modify sequences.
* Documents the `fetch_size` parameter.

Relates to #59014 and #59063
 2020-07-08 11:52:45 -04:00
James Rodewig c5df35eba1
[DOCS] EQL: Document unsupported var comparison (#58941) 
ES EQL queries do not support the comparison of a variable, such as
a field value, to another variable.

This adds a related para and example to the EQL syntax docs.
 2020-07-08 08:54:22 -04:00
James Rodewig 7c23933ec7
[DOCS] EQL: Document `maxspan` keyword (#58931) 2020-07-08 08:52:36 -04:00
James Rodewig 2be9db01c8
[DOCS] Replace `datatype` with `data type` (#58972) 2020-07-07 13:52:10 -04:00
DeDe Morton b5e374d958
[DOCS] Change Beats links to refactored getting started docs (#58790) 2020-07-02 17:10:09 -07:00
James Rodewig f18e136400 [DOCS] Fix xref format in async EQL search docs 2020-06-30 09:36:08 -04:00
James Rodewig cc3bd3974f
[DOCS] EQL: Document `head` and `tail` pipes (#58673) 2020-06-30 08:35:37 -04:00
James Rodewig 29da275b0a
[DOCS] EQL: Remove fields from EQL search response (#58667) 2020-06-29 09:19:07 -04:00
Costin Leau d6731d659d Update JSON results in EQL docs 2020-06-27 09:45:50 +03:00
Costin Leau 4521ca3367
EQL: Add Head/Tail pipe support (#58536) 
Introduce pipe support, in particular head and tail
(which can also be chained).
 2020-06-27 09:08:03 +03:00
James Rodewig d14b7d5399
[DOCS] EQL: Remove references to partial async EQL results (#58548) 
Removes references to partial results from the async EQL search docs.
If an EQL search does not complete during the `wait_for_completion_timeout`
timeout period, it returns no results.
 2020-06-26 10:27:30 -04:00
James Rodewig 662cf81bbc
[DOCS] Fix EQL search snippet for tiebreaker example (#58545) 2020-06-25 09:23:50 -04:00
James Rodewig 07874ec357
[DOCS] EQL: Document search API's `tiebreaker_field` param (#57935) 2020-06-25 08:44:34 -04:00
James Rodewig 7f5b72741e [DOCS] EQL: Correct EQL search API's `size` param def 
The `size` parameter can be used to limit matching events or sequences.
 2020-06-10 10:13:18 -04:00
James Rodewig 6d7acd0d94
[DOCS] EQL: Document delete async search API (#57732) 2020-06-05 12:45:09 -04:00
Igor Motov d197a85ee5 Merge remote-tracking branch 'elastic/master' into feature/async-eql 2020-06-04 15:50:40 -04:00
James Rodewig b30cc2b399
[DOCS] EQL: Add `dev` admonition to EQL pages (#57531) (#57534) 
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
 2020-06-02 11:04:56 -04:00
James Rodewig 982f168fd8
[DOCS] EQL: Add `dev` admonition to EQL pages (#57531) 
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
 2020-06-02 10:47:53 -04:00
James Rodewig 34c4505a2f
[DOCS] EQL: Fix hits param for sequences (#57410) (#57525) 2020-06-02 09:38:21 -04:00
James Rodewig f1b8df93cd
[DOCS] EQL: Fix hits param for sequences (#57410) 2020-06-02 09:22:14 -04:00
Lisa Cawley 8b9293b3bf
[DOCS] Replace docdir attribute with es-repo-dir (#57489) 2020-06-01 15:55:05 -07:00
James Rodewig 78146bbca9
[DOCS] EQL: Document get async EQL search API (#57366) 2020-05-30 08:42:30 -04:00
Igor Motov 39df45e156 Fix EQL doc tests after master merge 2020-05-27 09:19:50 -04:00
Igor Motov a301eab85b Merge remote-tracking branch 'elastic/master' into feature/async-eql 2020-05-27 08:55:02 -04:00
James Rodewig 8a086ba05d [DOCS] EQL: Fix whitespace in EQL snippet 2020-05-19 17:04:20 -04:00
James Rodewig c13c7aa681
[DOCS] EQL: Add sequence example to tutorial (#56965) 
Adds an example using the sequence syntax to the 'Run an EQL search'
tutorial.

Supplements other examples added with #56721
 2020-05-19 15:59:18 -04:00
James Rodewig 27cab68912 [DOCS] Add leading slashes to EQL API examples 2020-05-19 15:38:04 -04:00
James Rodewig a3b55d477b [DOCS] EQL: Fix merge conflict in search API docs 2020-05-19 12:54:41 -04:00
James Rodewig 0b557e4c93 [DOCS] EQL: Fix API example headings 2020-05-18 16:28:57 -04:00
Igor Motov dd2ac8ea04 Merge remote-tracking branch 'elastic/master' into feature/async-eql 2020-05-15 15:32:55 -04:00
James Rodewig 19699af81e
[DOCS] EQL: Document `case_sensitive` param (#56697) 2020-05-15 09:21:11 -04:00
James Rodewig 7c679614cd [DOCS] EQL: Align comments in `between` fn examples 2020-05-15 09:20:27 -04:00
James Rodewig aa6c4928e8
[DOCS] EQL: Remove references to arrays/multi-value fields (#56772) 2020-05-15 09:08:02 -04:00
James Rodewig 949a2927ed
[DOCS] EQL: Document `number` function (#56770) 
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-05-14 15:22:04 -04:00
James Rodewig aee5618001
[DOCS] EQL: Document async search submits (#56704) 2020-05-14 11:54:15 -04:00
James Rodewig 15431f2447
[DOCS] EQL: Document sequences (#56721) 
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-05-14 11:01:07 -04:00
Igor Motov fcebd4fd02
EQL: Adds an ability to start an asynchronous EQL search (#56631) 
Adds support for async searches to eql search API. This commit is limited to
only submitting search API requests and doesn't provide APIs to get results
nor delete the results. These functions will be added in follow up PRs.

Relates to #49638
 2020-05-13 09:50:15 -04:00
James Rodewig 918ef65c67 [DOCS] Sort EQL search API params alphabetically 2020-05-12 13:51:53 -04:00
James Rodewig 883bb29152
[DOCS] EQL: Document math functions (#55810) 
Documents the following EQL functions:

* `add`
* `divide`
* `module`
* `multiply`
* `subtract`
 2020-05-07 08:53:08 -04:00