honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] EQL: Remove `match` fn (#63271) (#63677)

This commit is contained in:
James Rodewig 2020-10-14 10:13:00 -04:00 committed by GitHub
parent 5fc25442c4
commit bd7633482b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
docs/reference/eql/functions.asciidoc
View File

@ -547,66 +547,6 @@ field data types:
*Returns:* integer or `null` *Returns:* integer or `null`
[discrete]
[[eql-fn-match]]
=== `match`
Returns `true` if a source string matches one or more provided regular
expressions. Matching is case-sensitive.
*Example*
[source,eql]
----
match("explorer.exe", "[a-z]*?.exe") // returns true
match("explorer.exe", "[a-z]*?.exe", "[1-9]") // returns true
match("explorer.exe", "[1-9]") // returns false
match("explorer.exe", "") // returns false
// process.name = "explorer.exe"
match(process.name, "[a-z]*?.exe") // returns true
match(process.name, "[a-z]*?.exe", "[1-9]") // returns true
match(process.name, "[1-9]") // returns false
match(process.name, "") // returns false
// null handling
match(null, "[a-z]*?.exe") // returns null
----
*Syntax*
[source,txt]
----
match(<source>, <reg_exp>[, ...])
----
*Parameters*
`<source>`::
+
--
(Required, string or `null`)
Source string. If `null`, the function returns `null`.
If using a field as the argument, this parameter supports only the following
field data types:
* A type in the <<keyword,`keyword`>> family
* <<text,`text`>> field with a <<keyword,`keyword`>> sub-field
--
`<reg_exp>`::
+
--
(Required{multi-arg-ref}, string)
Regular expression used to match the source string. For supported syntax, see
<<regexp-syntax>>.
https://docs.oracle.com/javase/tutorial/essential/regex/pre_char_classes.html[Predefined
character classes] are not supported.
Fields are not supported as arguments.
--
*Returns:* boolean or `null`
[discrete] [discrete]
[[eql-fn-modulo]] [[eql-fn-modulo]]
=== `modulo` === `modulo`

2
docs/reference/eql/syntax.asciidoc
View File

@ -726,6 +726,8 @@ three double quotes (`"""`) instead.
*** {eql-ref}/functions.html#arrayCount[`arrayCount`] *** {eql-ref}/functions.html#arrayCount[`arrayCount`]
*** {eql-ref}/functions.html#arraySearch[`arraySearch`] *** {eql-ref}/functions.html#arraySearch[`arraySearch`]
** The {eql-ref}//functions.html#match[`match`] function
** {eql-ref}/joins.html[Joins] ** {eql-ref}/joins.html[Joins]
** {eql-ref}/basic-syntax.html#event-relationships[Lineage-related keywords]: ** {eql-ref}/basic-syntax.html#event-relationships[Lineage-related keywords]: