ab3f8f5067
[DOCS] EQL: Add case-insensitive `~` operator ( #68217 )
...
Documents the case-insensitive `~` operator for `in` and string functions.
Relates to #67869 and #68176
2021-01-29 13:50:57 -05:00
c4ab89f3f7
[DOCS] EQL: Add security privileges to EQL search docs ( #68017 )
2021-01-27 16:25:05 -05:00
cb3e0051e0
[DOCS] Make cat API verbose query param explicit ( #67300 )
2021-01-11 17:19:23 -05:00
14b381a2ad
[DOCS] EQL: Change `result_position` default to `tail` ( #66550 )
2020-12-18 08:38:45 -05:00
9b3bb56179
[DOCS] EQL: Move to GA ( #65955 )
2020-12-09 08:48:23 -05:00
6a09df8520
[DOCS] EQL: Add diagrams for sequence matching ( #65898 )
2020-12-07 07:55:38 -05:00
ef6fb59ec3
[DOCS] EQL: Document how sequence queries handle matches ( #65794 )
...
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-12-04 09:34:38 -05:00
2044caa667
[DOCS] EQL: Document ? wildcard ( #65698 )
2020-12-03 12:14:38 -05:00
bcea87f3a3
[DOCS] Fix EQL syntax formatting ( #65711 )
2020-12-02 08:51:39 -05:00
1c3ddf8ff1
[DOCS] EQL: Flatten EQL syntax headings ( #65693 )
2020-12-01 12:56:12 -05:00
ac1dbb7ffd
[DOCS] EQL: Remove outdated wildcard ref ( #65684 )
2020-12-01 11:30:17 -05:00
a18b87ddc1
[DOCS] Flatten EQL syntax headings ( #65497 )
2020-11-25 10:30:24 -05:00
b9ee0b3b48
[DOCS] EQL: Add lookup support to `:` operator ( #65262 )
2020-11-24 10:48:41 -05:00
ce644909dc
[DOCS] EQL: Add wildcard support to `:` operator ( #65237 )
2020-11-19 08:26:13 -05:00
36d308bc23
[DOCS] EQL: Update docs for null tiebreakers ( #65078 )
2020-11-17 09:31:49 -05:00
254807956f
[DOCS] EQL: Document result_position param ( #65075 )
2020-11-17 09:07:51 -05:00
fb1936bed1
[DOCS] EQL: Fix tiebreaker field docs ( #64671 )
...
Corrects the EQL docs to remove `event.sequence` as the default `tiebreaker_field` value.
2020-11-06 09:05:18 -05:00
b2b676d7d6
[DOCS] Remove italics formatting
2020-11-03 15:49:52 -05:00
1ea83359bb
[DOCS] Fix case for 'Boolean' ( #64299 )
2020-10-29 09:04:43 -04:00
1c0380dc21
[DOCS] EQL: Fix operator docs ( #64286 )
2020-10-28 10:27:17 -04:00
5953a90505
[DOCS] Remove unneeded words in EQL docs
2020-10-24 20:27:34 -04:00
4c22ca3eed
[DOCS] Tighten async EQL copy ( #64106 )
2020-10-24 14:14:30 -04:00
f6bce6194f
[DOCS] Tighten EQL copy ( #64081 )
2020-10-24 10:49:05 -04:00
3deebc2804
[DOCS] Fix typo
2020-10-19 14:44:12 -04:00
71aaa4ae0a
[DOCS] EQL: Update `allow_no_indices` default ( #63748 )
...
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-10-19 12:14:23 -04:00
505b03768a
[DOCS] Reword EQL intro
2020-10-14 10:02:45 -04:00
c6a13d1cee
[DOCS] EQL: Remove `match` fn ( #63271 )
2020-10-14 09:57:29 -04:00
857c2d1cd4
[DOCS] Update `ignore_unavailable` default for EQL search API ( #63210 )
2020-10-14 09:36:11 -04:00
f41de1bdce
[DOCS] EQL: Add `:` operator, remove wildcard operator ( #63195 )
2020-10-14 09:06:37 -04:00
8527183f91
[DOCS] EQL: Remove Endgame EQL refs ( #63636 )
2020-10-14 08:34:11 -04:00
d7c5d37697
[DOCS] Remove unneeded word in EQL docs
2020-10-13 13:56:56 -04:00
e0cc841a60
[DOCS] EQL: Document multi-value field support ( #63622 )
2020-10-13 12:26:07 -04:00
04c8ad3ced
[DOCS] EQL: Move to beta ( #63284 )
2020-10-12 08:55:16 -04:00
0aa0811aba
[DOCS] Make EQL case-sensitive by default ( #63270 )
2020-10-05 15:29:48 -04:00
7550e0664c
Remove case_sensitive request option ( #63218 )
...
Make EQL case sensitive by default and adapt some of the string functions
Remove the case sensitive option from Between string function
Add case_insensitive option to term and wildcard queries usage
2020-10-05 16:53:25 +03:00
cb9e61fae5
[DOCS] EQL: Update grammary for escaped event categories ( #63202 )
2020-10-02 15:03:29 -04:00
daef606de7
[DOCS] EQL: Replace ?"..." with """...""" for raw strings ( #63191 )
2020-10-02 11:20:24 -04:00
1b878c8775
[DOCS] EQL: Reorganize EQL syntax sections ( #63179 )
2020-10-02 09:46:27 -04:00
15d4d9597c
[DOCS] EQL: date_nanos timestamp is not supported ( #63101 )
2020-09-30 17:31:24 -04:00
d8cfd569e6
[DOCS] Document escaped backticks for identifiers ( #63079 )
2020-09-30 11:56:23 -04:00
844558069b
[DOCS] EQL: Clarify EQL docs ( #62961 )
2020-09-28 15:29:35 -04:00
acac14a35f
[DOCS] EQL: Note = is not an equality operator
2020-09-22 13:54:19 -04:00
ad5ae4d887
EQL: Remove support for `=` for comparisons ( #62756 )
...
Since `=` is rarely used and is undocumented we its support for
equality comparisons keeping `==` as the only option. `=` is now only
used for assignments like in `maxspan=10m`.
Closes : #62650
2020-09-22 17:37:37 +02:00
74ffbe7dcc
[DOCS] EQL: Style fixes
2020-09-21 19:43:19 -04:00
79a0a6406a
[DOCS] EQL: Style fixes
2020-09-21 18:41:21 -04:00
543919cea7
[DOCS] EQL: Improve regsvr32 misuse explanation ( #62722 )
...
Expands the introduction to better explain what regsvr32 misuse is and
how it works at a high level.
2020-09-21 18:36:35 -04:00
6b36be281a
[DOCS] EQL: Disallow chained comparisons ( #62570 )
2020-09-18 08:26:48 -04:00
0e1aa14bc8
[DOCS] EQL: Remove support for single quote strings ( #62479 )
2020-09-17 09:19:04 -04:00
86a0f15733
[DOCS] EQL: Use consistent string notation ( #62472 )
2020-09-16 11:29:52 -04:00
db52f8485b
[DOCS] EQL: Clarify wildcard operator
2020-09-16 11:05:00 -04:00
James Rodewig
Howard
Andrei Stefan
Marios Trivyzas