From d247e8f7a697f377967f5857133c8088f1fdcf78 Mon Sep 17 00:00:00 2001 From: James Rodewig Date: Tue, 12 May 2020 13:49:22 -0400 Subject: [PATCH] [DOCS] Sort EQL search API params alphabetically --- docs/reference/eql/eql-search-api.asciidoc | 50 +++++++++++----------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/reference/eql/eql-search-api.asciidoc b/docs/reference/eql/eql-search-api.asciidoc index 15ebac268fe..063e66de200 100644 --- a/docs/reference/eql/eql-search-api.asciidoc +++ b/docs/reference/eql/eql-search-api.asciidoc @@ -84,13 +84,6 @@ include::{docdir}/rest-api/common-parms.asciidoc[tag=index-ignore-unavailable] [[eql-search-api-request-body]] ==== {api-request-body-title} -`query`:: -(Required, string) -<> query you wish to run. -+ -IMPORTANT: This parameter supports a subset of EQL syntax. See -<>. - `event_category_field`:: (Required*, string) Field containing the event classification, such as `process`, `file`, or @@ -100,6 +93,31 @@ Defaults to `event.category`, as defined in the {ecs-ref}/ecs-event.html[Elastic Common Schema (ECS)]. If an index does not contain the `event.category` field, this value is required. +`filter`:: +(Optional, <>) +Query, written in query DSL, used to filter the events on which the EQL query +runs. + +`implicit_join_key_field`:: +(Optional, string) +Reserved for future use. + +`query`:: +(Required, string) +<> query you wish to run. ++ +IMPORTANT: This parameter supports a subset of EQL syntax. See +<>. + +`search_after`:: +(Optional, string) +Reserved for future use. + +`size`:: +(Optional, integer or float) +Maximum number of matching events to return. Defaults to `50`. Values must be +greater than `0`. + [[eql-search-api-timestamp-field]] `timestamp_field`:: + 
@@ -116,24 +134,6 @@ milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], in ascending order. -- -`implicit_join_key_field`:: -(Optional, string) -Reserved for future use. - -`filter`:: -(Optional, <>) -Query, written in query DSL, used to filter the events on which the EQL query -runs. - -`search_after`:: -(Optional, string) -Reserved for future use. - -`size`:: -(Optional, integer or float) -Maximum number of matching events to return. Defaults to `50`. Values must be -greater than `0`. - [role="child_attributes"] [[eql-search-api-response-body]] ==== {api-response-body-title}
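Review bot: In the hunk at `@@ -100,6 +93,31 @@`, the `size` entry is typed `(Optional, integer or float)` but is described as a "Maximum number of matching events to return", which is a count. The text does not say how a fractional value is handled. Either narrow the type to integer or add a sentence saying whether floats are rounded, truncated or rejected. Since the default is `50`, it would also help to state plainly that matches beyond `size` are not returned, so a reader running a detection query does not assume the response is complete.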
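Review bot: In the hunk at `@@ -116,24 +134,6 @@`, the `implicit_join_key_field` and `search_after` entries are moved verbatim, so both still read only "Reserved for future use." Neither entry says whether a request that sets the parameter is rejected or whether the value is ignored. If this commit is meant to be a pure reorder, that is fine as is, but a follow-up should document the behaviour so callers know whether sending these fields is safe.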