honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] EQL: Fix whitespace in EQL snippet

This commit is contained in:
James Rodewig 2020-05-19 17:04:20 -04:00
parent f6d2688de2
commit cc12361a82
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/reference/eql/search.asciidoc
View File

@ -279,7 +279,7 @@ prior one.
GET /sec_logs/_eql/search GET /sec_logs/_eql/search
{ {
"query": """ "query": """
sequence by agent.id sequence by agent.id
[ file where file.name == "cmd.exe" ] [ file where file.name == "cmd.exe" ]
[ process where stringContains(process.name, "regsvr32") ] [ process where stringContains(process.name, "regsvr32") ]
""" """