[DOCS] EQL: Remove wildcard function (#72121)

2025-06-28 17:34:17 -04:00 · 2021-04-22 15:49:07 -04:00 · 2021-04-22 15:49:07 -04:00 · f8d2578ede
commit f8d2578ede
parent 39fee5e908
3 changed files with 18 additions and 73 deletions
--- a/docs/reference/eql/functions.asciidoc
+++ b/docs/reference/eql/functions.asciidoc
@ -1022,76 +1022,3 @@ If using a field as the argument, this parameter supports only
 <<number,`numeric`>> field data types.

 *Returns:* integer, float, or `null`
-
-[discrete]
-[[eql-fn-wildcard]]
-=== `wildcard`
-
-Returns `true` if a source string matches one or more provided wildcard
-expressions. Matching is case-sensitive by default.
-
-*Example*
-[source,eql]
----
-// The * wildcard matches zero or more characters.
-// process.name = "regsvr32.exe"
-wildcard(process.name, "*regsvr32*")                // returns true
-wildcard(process.name, "*Regsvr32*")                // returns false
-wildcard(process.name, "*regsvr32*", "*explorer*")  // returns true
-wildcard(process.name, "*explorer*")                // returns false
-wildcard(process.name, "*explorer*", "*scrobj*")    // returns false
-
-// Make matching case-insensitive
-wildcard~(process.name, "*Regsvr32*")                // returns true
-
-// The ? wildcard matches exactly one character.
-// process.name = "regsvr32.exe"
-wildcard(process.name, "regsvr32.e?e")                  // returns true
-wildcard(process.name, "regsvr32.e?e", "e?plorer.exe")  // returns true
-wildcard(process.name, "regsvr32.exe?")                 // returns false
-wildcard(process.name, "e?plorer.exe")                  // returns false
-wildcard(process.name, "e?plorer.exe", "scrob?.dll")    // returns false
-
-// empty strings
-wildcard("", "*start*")                             // returns false
-wildcard("", "*")                                   // returns true
-wildcard("", "?")                                   // returns false
-wildcard("", "")                                    // returns true
-
-// null handling
-wildcard(null, "*regsvr32*")                        // returns null
-wildcard(process.name, null)                        // returns null
----
-
-*Syntax*
-[source,txt]
----
-wildcard(<source>, <wildcard_exp>[, ...])
----
-
-*Parameters*
-
-`<source>`::
-+
--
-(Required, string)
-Source string. If `null`, the function returns `null`.
-
-If using a field as the argument, this parameter supports only the following
-field data types:
-
-* A type in the <<keyword,`keyword`>> family
-* <<text,`text`>> field with a <<keyword,`keyword`>> sub-field
--
-
-`<wildcard_exp>`::
-+
--
-(Required{multi-arg-ref}, string)
-Wildcard expression used to match the source string. The `*` wildcard matches
-zero or more characters. The `?` wildcard matches exactly one character.
-
-If `null`, the function returns `null`. Fields are not supported as arguments.
--
-
-*Returns:* boolean