7f5b72741e
[DOCS] EQL: Correct EQL search API's `size` param def
...
The `size` parameter can be used to limit matching events or sequences.
2020-06-10 10:13:18 -04:00
6d7acd0d94
[DOCS] EQL: Document delete async search API ( #57732 )
2020-06-05 12:45:09 -04:00
d197a85ee5
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-06-04 15:50:40 -04:00
b30cc2b399
[DOCS] EQL: Add `dev` admonition to EQL pages ( #57531 ) ( #57534 )
...
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 11:04:56 -04:00
982f168fd8
[DOCS] EQL: Add `dev` admonition to EQL pages ( #57531 )
...
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 10:47:53 -04:00
34c4505a2f
[DOCS] EQL: Fix hits param for sequences ( #57410 ) ( #57525 )
2020-06-02 09:38:21 -04:00
f1b8df93cd
[DOCS] EQL: Fix hits param for sequences ( #57410 )
2020-06-02 09:22:14 -04:00
8b9293b3bf
[DOCS] Replace docdir attribute with es-repo-dir ( #57489 )
2020-06-01 15:55:05 -07:00
78146bbca9
[DOCS] EQL: Document get async EQL search API ( #57366 )
2020-05-30 08:42:30 -04:00
39df45e156
Fix EQL doc tests after master merge
2020-05-27 09:19:50 -04:00
a301eab85b
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-05-27 08:55:02 -04:00
8a086ba05d
[DOCS] EQL: Fix whitespace in EQL snippet
2020-05-19 17:04:20 -04:00
c13c7aa681
[DOCS] EQL: Add sequence example to tutorial ( #56965 )
...
Adds an example using the sequence syntax to the 'Run an EQL search'
tutorial.
Supplements other examples added with #56721
2020-05-19 15:59:18 -04:00
27cab68912
[DOCS] Add leading slashes to EQL API examples
2020-05-19 15:38:04 -04:00
a3b55d477b
[DOCS] EQL: Fix merge conflict in search API docs
2020-05-19 12:54:41 -04:00
0b557e4c93
[DOCS] EQL: Fix API example headings
2020-05-18 16:28:57 -04:00
dd2ac8ea04
Merge remote-tracking branch 'elastic/master' into feature/async-eql
2020-05-15 15:32:55 -04:00
19699af81e
[DOCS] EQL: Document `case_sensitive` param ( #56697 )
2020-05-15 09:21:11 -04:00
7c679614cd
[DOCS] EQL: Align comments in `between` fn examples
2020-05-15 09:20:27 -04:00
aa6c4928e8
[DOCS] EQL: Remove references to arrays/multi-value fields ( #56772 )
2020-05-15 09:08:02 -04:00
949a2927ed
[DOCS] EQL: Document `number` function ( #56770 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 15:22:04 -04:00
aee5618001
[DOCS] EQL: Document async search submits ( #56704 )
2020-05-14 11:54:15 -04:00
15431f2447
[DOCS] EQL: Document sequences ( #56721 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 11:01:07 -04:00
fcebd4fd02
EQL: Adds an ability to start an asynchronous EQL search ( #56631 )
...
Adds support for async searches to eql search API. This commit is limited to
only submitting search API requests and doesn't provide APIs to get results
nor delete the results. These functions will be added in follow up PRs.
Relates to #49638
2020-05-13 09:50:15 -04:00
918ef65c67
[DOCS] Sort EQL search API params alphabetically
2020-05-12 13:51:53 -04:00
883bb29152
[DOCS] EQL: Document math functions ( #55810 )
...
Documents the following EQL functions:
* `add`
* `divide`
* `module`
* `multiply`
* `subtract`
2020-05-07 08:53:08 -04:00
c7ac7e005c
[DOCS] EQL: Document `concat` function ( #56239 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-05 16:41:59 -04:00
038c20b256
[DOCS] EQL: Add collapsible sections to EQL tutorial docs ( #56235 )
...
Adds collapsible sections to the snippet examples of the EQL tutorial
docs.
Also adds a leading slash to EQL API snippet examples.
2020-05-05 16:29:11 -04:00
80f503257b
[DOCS] EQL: Add collapsible sections to EQL search API response ( #56232 )
...
Add collapsible sections to the response parameter docs
of the EQL search API.
Also clarifies some language regarding documents and
events.
2020-05-05 15:59:19 -04:00
7156f40d46
[DOCS] EQL: Document `match` function ( #56134 )
2020-05-05 11:48:40 -04:00
e12419b276
[DOCS] EQL: Document nested field support ( #56138 )
...
Notes that you cannot use EQL in ES to search the values of `nested`
fields or their sub-fields. However, indices containing `nested` field
mappings are otherwise supported.
2020-05-05 11:26:20 -04:00
a7729c8e31
[DOCS] EQL: Remove case sensitivity from function docs ( #55063 )
...
Per #54411 , we plan to handle case sensitivity via a parameter for the
EQL search API (with the possible exception of the `between` function).
This removes references and examples related to case sensitivity from
the EQL functions docs.
2020-05-05 09:25:55 -04:00
991899ed47
[DOCS] EQL: Add advantages to overview ( #53452 )
...
Adds a concise list of EQL advantages, based on the "EQL Advantages"
section in the [EQL for the masses][0] blog post.
The intent is to inform users how EQL could benefit at a high level.
[0]: https://www.elastic.co/blog/eql-for-the-masses
Co-Authored-By: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-04-30 12:57:32 -04:00
6c26c4b768
[DOCS] EQL: Correct `cidrMatch` function heading ( #55935 )
2020-04-29 10:01:20 -04:00
8918eefa9e
[DOCS] Update attribute for multi arg footnotes ( #55860 )
2020-04-29 08:57:21 -04:00
c69eda2d6a
[DOCS] EQL: Fix whitespace in `stringContains` docs
2020-04-27 15:52:16 -04:00
cde5fc1ac5
[DOCS] EQL: Document `stringContains` function ( #54968 )
2020-04-24 14:53:29 -04:00
32317a6910
[DOCS] Document EQL search REST API ( #52384 )
2020-04-24 14:25:33 -04:00
d22240443c
[DOCS] EQL: Document `cidrMatch` function ( #54216 )
2020-04-24 13:34:14 -04:00
b58e95d25c
[DOCS] Add admonition for EQL exact matches on text fields ( #53402 )
...
Adds a important admonition to the EQL syntax page noting that
the equal (`==`) operator should not be used to match `text` field
values.
Relates to #52709 and #53020
2020-04-23 09:53:02 -04:00
881b214619
[DOCS] EQL: Document `indexOf` function ( #55071 )
2020-04-15 11:28:33 -04:00
9bb621be9d
[DOCS] Use consistent line breaks in EQL function docs
2020-04-14 10:15:49 -04:00
28ff719787
[DOCS] EQL: Document `string` function ( #55086 )
2020-04-13 11:23:01 -04:00
fa138ed1e5
[DOCS] EQL: Reword field support for EQL functions ( #55074 )
...
Changes boilerplate sentence of "If using a field as the argument, this
parameter only supports..." to "...this parameter supports only...".
The latter is a bit more clear and readable.
2020-04-10 15:31:20 -04:00
33dc417bd0
[DOCS] EQL: Document `wildcard` function ( #54086 )
2020-04-10 09:17:41 -04:00
7aef7b3ebc
[DOCS] EQL: Document `between` function ( #54950 )
2020-04-08 13:30:50 -04:00
7738ed40ff
[DOCS] EQL: Document `length` function ( #54225 )
2020-04-01 11:17:14 -04:00
e86e148ee4
[DOCS] EQL: Document `endsWith` function ( #54521 )
2020-04-01 10:13:47 -04:00
d614b7f358
[DOCS] EQL: Document `startsWith` function ( #54518 )
2020-04-01 09:15:53 -04:00
658a331245
[DOCS] EQL: Add search/index speed tip for functions ( #54346 )
...
EQL functions are an easy way for users to transform indexed data
at search time. However, using multiple functions can make
queries difficult to write and slows search speeds.
Users can circumvent this by indexing fields containing the transformed
data, but that usually slows index speeds.
This adds a related tip and example covering these tradeoffs.
2020-04-01 08:21:35 -04:00
James Rodewig
Igor Motov
Lisa Cawley