honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-02 08:59:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] EQL: Fix whitespace in EQL snippet

Browse Source
This commit is contained in:
James Rodewig 2020-05-19 17:04:20 -04:00
parent f6d2688de2
commit cc12361a82
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/reference/eql/search.asciidoc
View File

@ -279,7 +279,7 @@ prior one.
GET /sec_logs/_eql/search
{
"query": """
sequence by agent.id
sequence by agent.id
[ file where file.name == "cmd.exe" ]
[ process where stringContains(process.name, "regsvr32") ]
"""