From b54133399e0d6ce4766b26fde3e75be94444841f Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Tue, 17 Nov 2020 10:41:06 -0500 Subject: [PATCH] [DOCS] EQL: Document result_position param (#65075) (#65135) --- docs/reference/eql/eql-search-api.asciidoc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/reference/eql/eql-search-api.asciidoc b/docs/reference/eql/eql-search-api.asciidoc index 64643e896fb..8067a3002fa 100644 --- a/docs/reference/eql/eql-search-api.asciidoc +++ b/docs/reference/eql/eql-search-api.asciidoc @@ -146,6 +146,7 @@ used. ==== -- +[role="child_attributes"] [[eql-search-api-request-body]] ==== {api-request-body-title} @@ -229,6 +230,26 @@ If both parameters are specified, only the query parameter is used. (Required, string) <> query you wish to run. +`result_position`:: +(Optional, enum) +Set of matching events or sequences to return. ++ +.Valid values for `result_position` +[%collapsible%open] +==== +`head`:: +(Default) +Return the earliest matches, similar to the {wikipedia}/Head_(Unix)[Unix head +command]. + +`tail`:: +Return the most recent matches, similar to the {wikipedia}/Tail_(Unix)[Unix tail +command]. +==== ++ +NOTE: This parameter may change the set of returned hits. However, it does not +change the sort order of hits in the response. + `size`:: (Optional, integer or float) For <>, the maximum number of matching events to
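Review bot: the `[role="child_attributes"]` line added above `[[eql-search-api-request-body]]` in the first hunk (`@@ -146,6 +146,7 @@`) is not covered by the subject, which only mentions documenting `result_position`. If the role is there so the collapsible `Valid values` block added in the second hunk renders correctly, say so in the commit message; otherwise it reads as an unrelated formatting change that belongs in its own commit.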
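Review bot: in the `result_position` hunk (`@@ -229,6 +230,26 @@`), `head` and `tail` are described as returning the "earliest" and "most recent" matches without saying what the matches are ordered by, so a reader cannot tell which field or ordering decides "earliest". Name that ordering in both value descriptions. The new entry also sits directly before `size`, which caps the number of matching events, and the NOTE only says the parameter "may change the set of returned hits"; one sentence stating whether `size` counts from the head or the tail of the matches would make that NOTE concrete. The summary line "Set of matching events or sequences to return" would read more precisely as a statement of which end of the matches is returned.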