[DOCS] EQL: date_nanos timestamp is not supported (#63101) (#63103)

James Rodewig 2020-09-30 17:45:00 -04:00 committed by GitHub
parent 8c6e197f51
commit 700bfb156d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 4 deletions

@ -260,8 +260,8 @@ Events in the API response are sorted by this field's value, converted to
milliseconds since the {wikipedia}/Unix_time[Unix epoch], in
ascending order.
The timestamp field is typically mapped as a <<date,`date`>> or
<<date_nanos,`date_nanos`>> field.
The timestamp field should be mapped as a <<date,`date`>>. The
<<date_nanos,`date_nanos`>> field type is not supported.
--
[[eql-search-api-wait-for-completion-timeout]]
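
Review bot: the replacement sentence in this hunk says the timestamp field "should be mapped as a <<date,`date`>>", which reads as a recommendation, while the next sentence says `date_nanos` "is not supported"; if `date` is the only supported mapping, "must" states the requirement more accurately. The first new sentence also ends on the link with no noun after it; "mapped as a <<date,`date`>> field" would match the phrasing used in the other file changed by this commit. It would also help to say what a reader should expect when the timestamp field is a `date_nanos` field (a rejected request or an incorrect sort order), since the surrounding text describes sorting by this field's value converted to milliseconds.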

@ -405,8 +405,9 @@ in the search request using the `timestamp_field` or `event_category_field`
parameters.
The event category field is typically mapped as a field type in the
<<keyword,`keyword`>> family. The timestamp field is typically mapped as a
<<date,`date`>> or <<date_nanos,`date_nanos`>> field.
<<keyword,`keyword`>> family. The timestamp field should be mapped as a
<<date,`date`>> field type. <<date_nanos,`date_nanos`>> timestamp fields are not
supported.
NOTE: You cannot use a <<nested,`nested`>> field or the sub-fields of a `nested`
field as the timestamp or event category field. See <<eql-nested-fields>>.
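
Review bot: the restriction is worded differently here ("<<date_nanos,`date_nanos`>> timestamp fields are not supported") than in the other file in this commit ("The <<date_nanos,`date_nanos`>> field type is not supported"), and the two can be read with different scope: one limits the restriction to the timestamp field, the other can be taken to mean `date_nanos` fields are unsupported anywhere in EQL. Pick one wording and use it in both places. Since the hunk already ends with a NOTE listing `nested` fields as invalid for the timestamp or event category field, consider placing the `date_nanos` restriction in that NOTE as well, so all constraints on these fields sit together.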