OpenSearch/docs/reference/eql/limitations.asciidoc

[role="xpack"]
[testenv="basic"]
[[eql-limitations]]
== EQL limitations
++++
<titleabbrev>Limitations</titleabbrev>
++++

experimental::[]

[discrete]
[[eql-unsupported-syntax]]
=== Unsupported syntax

{es} supports a subset of {eql-ref}/index.html[EQL syntax]. {es} cannot run EQL
queries that contain:

* {eql-ref}/functions.html[Functions]

* {eql-ref}/joins.html[Joins]

* {eql-ref}/basic-syntax.html#event-relationships[Lineage-related keywords]:
** `child of`
** `descendant of`
** `event of`

* {eql-ref}/pipes.html[Pipes]

* {eql-ref}/sequences.html[Sequences]
[DOCS] Add EQL limitations page (#52001) Documents limitations for EQL in Elasticsearch. 2020-02-12 08:45:15 -05:00			`[role="xpack"]`
			`[testenv="basic"]`
			`[[eql-limitations]]`
			`== EQL limitations`
			`++++`
			`<titleabbrev>Limitations</titleabbrev>`
			`++++`

			`experimental::[]`

			`[discrete]`
			`[[eql-unsupported-syntax]]`
			`=== Unsupported syntax`

			`{es} supports a subset of {eql-ref}/index.html[EQL syntax]. {es} cannot run EQL`
			`queries that contain:`

			`* {eql-ref}/functions.html[Functions]`

			`* {eql-ref}/joins.html[Joins]`

			`* {eql-ref}/basic-syntax.html#event-relationships[Lineage-related keywords]:`
			** `child of`
			** `descendant of`
			** `event of`

			`* {eql-ref}/pipes.html[Pipes]`

			`* {eql-ref}/sequences.html[Sequences]`