Commit graph

185 commits

Author SHA1 Message Date
Adam Locke
6dfd92c46f
[DOCS] Focus retrieving selected fields on fields parameter (#71506)
* [DOCS] Focus retrieving selected fields on fields parameter

* Incorporating changes from reviews

* Adding clarifications from review feedback

* Slight wording revisions.

* Clarify language around format parameter and move text out of callout.
2021-04-20 15:11:35 -04:00
James Rodewig
07fade1d27
[DOCS] EQL/SQL: Document runtime_fields parameter (#71487) 2021-04-19 09:15:12 -04:00
James Rodewig
de228ee153
[DOCS] Reorder EQL sections. Remove duplicated content. (#71477) 2021-04-08 10:45:33 -04:00
James Rodewig
f41320616c
[DOCS] Refactor data stream setup tutorial (#71074) 2021-03-31 17:28:55 -04:00
James Rodewig
693807a6d3
[DOCS] Fix double spaces (#71082) 2021-03-31 09:57:47 -04:00
James Rodewig
fdbea16e15
[DOCS] Move EQL event category section (#70955)
Combines the basic syntax and event category sections for better visibility.
2021-03-29 09:40:34 -04:00
James Rodewig
6504b541e9
[DOCS] EQL: Use data streams in docs (#70822) 2021-03-25 09:41:06 -04:00
James Rodewig
321f46e187
[DOCS] EQL: Document Unicode escape sequences (#70694) 2021-03-23 08:10:03 -04:00
James Rodewig
cbfe969634
[DOCS] EQL: Remove unneeded words in escape sequence table 2021-03-22 16:45:49 -04:00
James Rodewig
75b0917ca1
[DOCS] Fix EQL heading levels (#70255)
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2021-03-10 14:20:22 -05:00
James Rodewig
5bf7a0a995
[DOCS] Add fields param xref 2021-03-08 16:40:11 -05:00
James Rodewig
783769d8d9
[DOCS] Add fields parameter to EQL search API (#69634) 2021-03-01 12:00:27 -05:00
James Rodewig
593cac391d
[DOCS] Make whitespace consistent in JSON snippets 2021-02-25 16:12:47 -05:00
James Rodewig
3ff1a17a79
[DOCS] EQL: Document field existence checks (#69614) 2021-02-25 12:04:22 -05:00
James Rodewig
8e09c3d7bd
[DOCS] EQL: Clarify support for text fields (#69229) 2021-02-18 18:57:49 -05:00
James Rodewig
31fc59efdf
[DOCS] Fix capitalization for Query DSL (#69236) 2021-02-18 18:57:19 -05:00
James Rodewig
13a077bd59
[DOCS] EQL: Update differences from Endgame EQL syntax (#69124) 2021-02-17 10:11:51 -05:00
James Rodewig
5eb0a9528a
[DOCS] EQL: Document like and regex keywords (#68932) (#69052) 2021-02-16 11:34:03 -05:00
James Rodewig
293fcd4c41
[DOCS] EQL: Minor doc fixes (#68927) 2021-02-11 13:44:01 -05:00
Mayya Sharipova
6521d2af27
Introduce eql search status API (#68065)
Introduce eql search status API,
that reports the status of eql stored or async search.

GET _eql/search/status/<id>

The API is restricted to the monitoring_user role.

For a running eql search, a response has the following format:

{
  "id" : <id>,
  "is_running" : true,
  "is_partial" : true,
  "start_time_in_millis" : 1611690235000,
  "expiration_time_in_millis" : 1611690295000
}

For a completed eql search, a response has the following format:

{
  "id" : <id>,
  "is_running" : false,
  "is_partial" : false,
  "expiration_time_in_millis" : 1611690295000,
  "completion_status" : 200
}

Closes #66955
2021-02-11 09:30:13 -05:00
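A client-side consumer of the status API described in the commit message above, written as an added example (it is not Elasticsearch's own code). It assumes a `transport` callable standing in for an authenticated HTTP GET against `/_eql/search/status/<id>`; in a real deployment that request must be made as a user holding the monitoring_user role named in the message. The search ID, clock values and scripted responses are constructed from the two JSON shapes quoted above, the ID character whitelist is this example's own defensive choice, and the `partial` bucket for a finished search that still reports `is_partial: true` is this example's interpretation rather than something the commit message defines.

```python
"""Poll the EQL search status endpoint and classify the result (added example)."""
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import quote

Transport = Callable[[str], Tuple[int, Dict]]  # path -> (http_status, json_body)

# Assumption: async search IDs are base64url-style tokens; reject anything else
# so a caller-supplied ID can never rewrite the request path (e.g. "../_cluster").
_ID_RE = re.compile(r"[A-Za-z0-9_=-]{1,1024}")

# Constructed from the response shapes quoted in the commit message above.
RUNNING_DOC = {
    "id": "FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaMUt2dXdUbHJ2YW1DZ0ZwdHh4MGZPZzo5MzM5NA==",  # hypothetical
    "is_running": True,
    "is_partial": True,
    "start_time_in_millis": 1611690235000,
    "expiration_time_in_millis": 1611690295000,
}
COMPLETED_DOC = {
    "id": RUNNING_DOC["id"],
    "is_running": False,
    "is_partial": False,
    "expiration_time_in_millis": 1611690295000,
    "completion_status": 200,
}


def classify_status(doc: Dict, now_ms: int) -> str:
    """Map one status document to: expired, running, completed, partial, failed or unknown."""
    if now_ms >= int(doc.get("expiration_time_in_millis", 0)):
        return "expired"  # results will be (or have been) dropped; do not keep polling
    if doc.get("is_running"):
        return "running"
    status = doc.get("completion_status")
    if status is None:
        return "unknown"
    if 200 <= int(status) < 300:
        # Example's interpretation: finished but still partial means not every shard answered.
        return "partial" if doc.get("is_partial") else "completed"
    return "failed"


def wait_for_eql_search(transport: Transport, search_id: str,
                        now_ms: Callable[[], int], sleep: Callable[[float], None],
                        poll_interval_s: float = 1.0, max_polls: int = 30) -> Tuple[str, Dict]:
    """Poll until the search stops running; return (state, last_status_document)."""
    if not _ID_RE.fullmatch(search_id):
        raise ValueError("refusing to build a request path from an unexpected search id")
    path = "/_eql/search/status/" + quote(search_id, safe="")
    doc: Dict = {}
    for _ in range(max_polls):
        http_status, doc = transport(path)
        if http_status in (401, 403):
            return "forbidden", doc  # caller lacks monitoring_user (or is unauthenticated)
        if http_status == 404:
            return "not_found", doc  # unknown id, or the stored search already expired
        if http_status != 200:
            return "error", doc
        state = classify_status(doc, now_ms())
        if state != "running":
            return state, doc
        sleep(poll_interval_s)
    return "timeout", doc


class ScriptedTransport:
    """Stand-in for an HTTP client: hands back queued (status, body) pairs in order."""

    def __init__(self, responses: List[Tuple[int, Dict]]):
        self.responses = list(responses)
        self.paths: List[str] = []

    def __call__(self, path: str) -> Tuple[int, Dict]:
        self.paths.append(path)
        if not self.responses:
            raise RuntimeError("no more scripted responses")
        return self.responses.pop(0)


def demo() -> Tuple[str, int, int]:
    """Two 'running' polls followed by completion, with a fake clock instead of real sleeps."""
    clock = [1611690236000]  # 1 s after the constructed start_time_in_millis
    transport = ScriptedTransport([(200, RUNNING_DOC), (200, RUNNING_DOC), (200, COMPLETED_DOC)])
    state, doc = wait_for_eql_search(
        transport, RUNNING_DOC["id"],
        now_ms=lambda: clock[0],
        sleep=lambda s: clock.__setitem__(0, clock[0] + int(s * 1000)),
    )
    return state, int(doc["completion_status"]), len(transport.paths)


if __name__ == "__main__":
    print(demo())
```

The caller gets a single state word rather than the raw document, so a scheduler can branch on `expired` or `forbidden` explicitly instead of looping until the stored search is gone; `forbidden` in particular is the signal to check that the polling identity really carries the monitoring_user role.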
James Rodewig
babf3eb081
[DOCS] EQL: Remove duplicate case-sensitivity info (#68860) 2021-02-10 14:27:29 -05:00
James Rodewig
6378c57ca0
[DOCS] EQL: Add filter_path param to EQL search API docs (#68537) 2021-02-04 13:39:01 -05:00
James Rodewig
ab3f8f5067
[DOCS] EQL: Add case-insensitive ~ operator (#68217)
Documents the case-insensitive `~` operator for `in` and string functions.

Relates to #67869 and #68176
2021-01-29 13:50:57 -05:00
James Rodewig
c4ab89f3f7
[DOCS] EQL: Add security privileges to EQL search docs (#68017) 2021-01-27 16:25:05 -05:00
James Rodewig
cb3e0051e0
[DOCS] Make cat API verbose query param explicit (#67300) 2021-01-11 17:19:23 -05:00
James Rodewig
14b381a2ad
[DOCS] EQL: Change result_position default to tail (#66550) 2020-12-18 08:38:45 -05:00
James Rodewig
9b3bb56179
[DOCS] EQL: Move to GA (#65955) 2020-12-09 08:48:23 -05:00
James Rodewig
6a09df8520
[DOCS] EQL: Add diagrams for sequence matching (#65898) 2020-12-07 07:55:38 -05:00
James Rodewig
ef6fb59ec3
[DOCS] EQL: Document how sequence queries handle matches (#65794)
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-12-04 09:34:38 -05:00
James Rodewig
2044caa667
[DOCS] EQL: Document ? wildcard (#65698) 2020-12-03 12:14:38 -05:00
Howard
bcea87f3a3
[DOCS] Fix EQL syntax formatting (#65711) 2020-12-02 08:51:39 -05:00
James Rodewig
1c3ddf8ff1
[DOCS] EQL: Flatten EQL syntax headings (#65693) 2020-12-01 12:56:12 -05:00
James Rodewig
ac1dbb7ffd
[DOCS] EQL: Remove outdated wildcard ref (#65684) 2020-12-01 11:30:17 -05:00
James Rodewig
a18b87ddc1
[DOCS] Flatten EQL syntax headings (#65497) 2020-11-25 10:30:24 -05:00
James Rodewig
b9ee0b3b48
[DOCS] EQL: Add lookup support to : operator (#65262) 2020-11-24 10:48:41 -05:00
James Rodewig
ce644909dc
[DOCS] EQL: Add wildcard support to : operator (#65237) 2020-11-19 08:26:13 -05:00
James Rodewig
36d308bc23
[DOCS] EQL: Update docs for null tiebreakers (#65078) 2020-11-17 09:31:49 -05:00
James Rodewig
254807956f
[DOCS] EQL: Document result_position param (#65075) 2020-11-17 09:07:51 -05:00
James Rodewig
fb1936bed1
[DOCS] EQL: Fix tiebreaker field docs (#64671)
Corrects the EQL docs to remove `event.sequence` as the default `tiebreaker_field` value.
2020-11-06 09:05:18 -05:00
James Rodewig
b2b676d7d6
[DOCS] Remove italics formatting 2020-11-03 15:49:52 -05:00
James Rodewig
1ea83359bb
[DOCS] Fix case for 'Boolean' (#64299) 2020-10-29 09:04:43 -04:00
James Rodewig
1c0380dc21
[DOCS] EQL: Fix operator docs (#64286) 2020-10-28 10:27:17 -04:00
James Rodewig
5953a90505
[DOCS] Remove unneeded words in EQL docs 2020-10-24 20:27:34 -04:00
James Rodewig
4c22ca3eed
[DOCS] Tighten async EQL copy (#64106) 2020-10-24 14:14:30 -04:00
James Rodewig
f6bce6194f
[DOCS] Tighten EQL copy (#64081) 2020-10-24 10:49:05 -04:00
James Rodewig
3deebc2804
[DOCS] Fix typo 2020-10-19 14:44:12 -04:00
James Rodewig
71aaa4ae0a
[DOCS] EQL: Update allow_no_indices default (#63748)
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-10-19 12:14:23 -04:00
James Rodewig
505b03768a
[DOCS] Reword EQL intro 2020-10-14 10:02:45 -04:00
James Rodewig
c6a13d1cee
[DOCS] EQL: Remove match fn (#63271) 2020-10-14 09:57:29 -04:00
James Rodewig
857c2d1cd4
[DOCS] Update ignore_unavailable default for EQL search API (#63210) 2020-10-14 09:36:11 -04:00