github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-29 09:54:06 -04:00
Code Issues Projects Releases Packages Wiki Activity
65465 commits 512 branches 439 tags 2.4 GiB
Commit graph

69 commits

Author SHA1 Message Date
James Rodewig
f56a0f4b66
[DOCS] Remove testenv annotations from doc snippet tests (#80023) 
Removes `testenv` annotations and related code. These annotations originally let you skip x-pack snippet tests in the docs. However, that's no longer possible.

Relates to #79309, #31619
 2021-11-05 18:38:50 -04:00
James Rodewig
a509205f52
[DOCS] EQL: Document optional fields (#80150) 
Adds new sections for optional fields and optional `by` fields. Also revises some existing content to define **join keys**.

Closes #79910

Relates to #79677
 2021-11-03 08:48:48 -04:00
James Rodewig
2aff5b290d
[DOCS] EQL: Update headings for syntax docs (#80100) 
Changes several H3s in the EQL syntax page to H4s. We previously bumped up several H4s to H3s to display them in the "On this page" TOC. With elastic/docs#2237, the TOC now displays H4s.

Relates to #65497.
 2021-10-29 17:06:54 -04:00
James Rodewig
2834b6d505
[DOCS] EQL: Consistently use 'statement' (#79020) 
* [DOCS] EQL: Consistently use 'statement'

We describe `with runs` as a 'statement.' This updates `with maxspan`
to use the same terminology.

* whitespace
 2021-10-12 20:17:22 -04:00
James Rodewig
e7ab7c82a7
[DOCS] Update runs syntax (#78922) 
Updates the EQL syntax docs for PR #78895.
 2021-10-11 10:40:10 -04:00
James Rodewig
c33e340a47
[DOCS] EQL: Document runs keyword (#78478) (#78518) 
Documents the `runs` keyword for running the same event criteria successively in a sequence query.

Relates to #75082.

# Conflicts:
#	docs/reference/release-notes/highlights.asciidoc
 2021-09-30 10:23:14 -04:00
James Rodewig
f02b10d68a
[DOCS] EQL: Remove multi-value field limitation (#76663) 
Changes:
* Removes the limitation for multi-value fields.
* Adds a recommendation to avoid complex expressions for Boolean comparisons to the `string` fn.

Relates to #76610.
 2021-08-19 09:20:48 -04:00
James Rodewig
3971522c65
[DOCS] EQL: Document cross-cluster search support (#74995) (#75045) 
Closes #74842.
 2021-07-07 09:41:07 -04:00
James Rodewig
d522c28533 [DOCS] Reword EQL limitations intro. 2021-07-01 10:24:32 -04:00
James Rodewig
c7d59f0a4d
[DOCS] EQL: Note EQL uses fields parameter (#74194) 2021-06-16 13:01:02 -04:00
James Rodewig
dc1bf6eff9
[DOCS] EQL: Note CCS is not supported (#72975) 2021-05-12 09:19:29 -04:00
James Rodewig
44f3551786
[DOCS] EQL: Use ECS example in EQL syntax docs (#72414) 2021-04-28 14:02:12 -04:00
James Rodewig
fdbea16e15
[DOCS] Move EQL event category section (#70955) 
Combines the basic syntax and event category sections for better visibility.
 2021-03-29 09:40:34 -04:00
James Rodewig
321f46e187
[DOCS] EQL: Document Unicode escape sequences (#70694) 2021-03-23 08:10:03 -04:00
James Rodewig
cbfe969634 [DOCS] EQL: Remove unneded words in escape sequence table 2021-03-22 16:45:49 -04:00
James Rodewig
3ff1a17a79
[DOCS] EQL: Document field existence checks (#69614) 2021-02-25 12:04:22 -05:00
James Rodewig
8e09c3d7bd
[DOCS] EQL: Clarify support for text fields (#69229) 2021-02-18 18:57:49 -05:00
James Rodewig
13a077bd59
[DOCS] EQL: Update differences from Endgame EQL syntax (#69124) 2021-02-17 10:11:51 -05:00
James Rodewig
5eb0a9528a
[DOCS] EQL: Document like and regex keywords (#68932) (#69052) 2021-02-16 11:34:03 -05:00
James Rodewig
293fcd4c41
[DOCS] EQL: Minor doc fixes (#68927) 2021-02-11 13:44:01 -05:00
James Rodewig
babf3eb081
[DOCS] EQL: Remove duplicate case-sensitivity info (#68860) 2021-02-10 14:27:29 -05:00
James Rodewig
ab3f8f5067
[DOCS] EQL: Add case-insensitive ~ operator (#68217) 
Documents the case-insensitive `~` operator for `in` and string functions.

Relates to #67869 and #68176
 2021-01-29 13:50:57 -05:00
James Rodewig
9b3bb56179
[DOCS] EQL: Move to GA (#65955) 2020-12-09 08:48:23 -05:00
James Rodewig
6a09df8520
[DOCS] EQL: Add diagrams for sequence matching (#65898) 2020-12-07 07:55:38 -05:00
James Rodewig
ef6fb59ec3
[DOCS] EQL: Document how sequence queries handle matches (#65794) 
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-12-04 09:34:38 -05:00
James Rodewig
2044caa667
[DOCS] EQL: Document ? wildcard (#65698) 2020-12-03 12:14:38 -05:00
Howard
bcea87f3a3
[DOCS] Fix EQL syntax formatting (#65711) 2020-12-02 08:51:39 -05:00
James Rodewig
1c3ddf8ff1
[DOCS] EQL: Flatten EQL syntax headings (#65693) 2020-12-01 12:56:12 -05:00
James Rodewig
a18b87ddc1
[DOCS] Flatten EQL syntax headings (#65497) 2020-11-25 10:30:24 -05:00
James Rodewig
b9ee0b3b48
[DOCS] EQL: Add lookup support to : operator (#65262) 2020-11-24 10:48:41 -05:00
James Rodewig
ce644909dc
[DOCS] EQL: Add wildcard support to : operator (#65237) 2020-11-19 08:26:13 -05:00
James Rodewig
b2b676d7d6 [DOCS] Remove italics formatting 2020-11-03 15:49:52 -05:00
James Rodewig
1c0380dc21
[DOCS] EQL: Fix operator docs (#64286) 2020-10-28 10:27:17 -04:00
James Rodewig
c6a13d1cee
[DOCS] EQL: Remove match fn (#63271) 2020-10-14 09:57:29 -04:00
James Rodewig
f41de1bdce
[DOCS] EQL: Add : operator, remove wildcard operator (#63195) 2020-10-14 09:06:37 -04:00
James Rodewig
8527183f91
[DOCS] EQL: Remove Endgame EQL refs (#63636) 2020-10-14 08:34:11 -04:00
James Rodewig
e0cc841a60
[DOCS] EQL: Document multi-value field support (#63622) 2020-10-13 12:26:07 -04:00
James Rodewig
04c8ad3ced
[DOCS] EQL: Move to beta (#63284) 2020-10-12 08:55:16 -04:00
James Rodewig
0aa0811aba
[DOCS] Make EQL case-sensitive by default (#63270) 2020-10-05 15:29:48 -04:00
James Rodewig
cb9e61fae5
[DOCS] EQL: Update grammary for escaped event categories (#63202) 2020-10-02 15:03:29 -04:00
James Rodewig
daef606de7
[DOCS] EQL: Replace ?"..." with """...""" for raw strings (#63191) 2020-10-02 11:20:24 -04:00
James Rodewig
1b878c8775
[DOCS] EQL: Reorganize EQL syntax sections (#63179) 2020-10-02 09:46:27 -04:00
James Rodewig
d8cfd569e6
[DOCS] Document escaped backticks for identifiers (#63079) 2020-09-30 11:56:23 -04:00
James Rodewig
844558069b
[DOCS] EQL: Clarify EQL docs (#62961) 2020-09-28 15:29:35 -04:00
James Rodewig
acac14a35f [DOCS] EQL: Note = is not an equality operator 2020-09-22 13:54:19 -04:00
James Rodewig
6b36be281a
[DOCS] EQL: Disallow chained comparisons (#62570) 2020-09-18 08:26:48 -04:00
James Rodewig
0e1aa14bc8
[DOCS] EQL: Remove support for single quote strings (#62479) 2020-09-17 09:19:04 -04:00
James Rodewig
db52f8485b [DOCS] EQL: Clarify wildcard operator 2020-09-16 11:05:00 -04:00
James Rodewig
9e325bb810 [DOCS] EQL: Make operator refs consistent 2020-09-16 11:03:09 -04:00
James Rodewig
7274b42a14 [DOCS] EQL: Move comparison operator defs 2020-09-16 10:54:02 -04:00