diff --git a/docs/reference/eql/search.asciidoc b/docs/reference/eql/search.asciidoc
index b61a2da6359..9a31453ccb2 100644
--- a/docs/reference/eql/search.asciidoc
+++ b/docs/reference/eql/search.asciidoc
@@ -279,7 +279,7 @@ prior one.
 GET /sec_logs/_eql/search
 {
 "query": """
- sequence by agent.id
+ sequence by agent.id
 [ file where file.name == "cmd.exe" ]
 [ process where stringContains(process.name, "regsvr32") ]
 """