From 9b10d0b3af356926bdefe54a1015290be1f5d1c5 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Wed, 16 Sep 2020 10:41:56 -0400 Subject: [PATCH] [DOCS] EQL: Add xrefs to EQL intro --- docs/reference/eql/eql.asciidoc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/reference/eql/eql.asciidoc b/docs/reference/eql/eql.asciidoc index 34a0467f2bd..fc8890bc859 100644 --- a/docs/reference/eql/eql.asciidoc +++ b/docs/reference/eql/eql.asciidoc @@ -20,8 +20,8 @@ Many query languages allow you to match only single events. EQL lets you match a sequence of events across different event categories and time spans. * *EQL has a low learning curve.* + -EQL syntax looks like other query languages. It lets you write and read queries -intuitively, which makes for quick, iterative searching. +<> looks like other query languages. It lets you write +and read queries intuitively, which makes for quick, iterative searching. * *We designed EQL for security use cases.* + While you can use EQL for any event-based data, we created EQL for threat @@ -49,7 +49,8 @@ request. See <>. [[run-an-eql-search]] == Run an EQL search -You can use the <> to run an EQL search. +You can use the <> to run an EQL search. For +supported query syntax, see <>. The following request searches `my-index-000001` for events with an `event.category` of `process` and a `process.name` of `regsvr32.exe`. Each
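Review bot: In the first hunk (the "EQL has a low learning curve" bullet), the added line `+<> looks like other query languages. It lets you write` makes the cross-reference the grammatical subject of the sentence, and both its target and its link text are empty as shown here. Give the xref explicit link text so the sentence still reads as "EQL syntax looks like other query languages" whatever the target section is titled, and confirm the anchor resolves in the docs build. The rewrap of "and read queries intuitively, which makes for quick, iterative searching." changes no wording and needs no further attention.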
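Review bot: In the second hunk (under `[[run-an-eql-search]]`), the added sentence `+supported query syntax, see <>.` ends in a cross-reference with no visible target, and the `<>` in "You can use the <> to run an EQL search." is blank as well, so neither link can be checked from the patch as shown. Confirm that both anchors exist. If this syntax link points to the same section as the one added in the intro bullet, use the same link text in both places so readers recognize it as the same destination.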