honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Sort EQL search API params alphabetically

This commit is contained in:
James Rodewig 2020-05-12 13:49:22 -04:00
parent c104c9a11b
commit d247e8f7a6
1 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
docs/reference/eql/eql-search-api.asciidoc
View File

@ -84,13 +84,6 @@ include::{docdir}/rest-api/common-parms.asciidoc[tag=index-ignore-unavailable]
[[eql-search-api-request-body]] [[eql-search-api-request-body]]
==== {api-request-body-title} ==== {api-request-body-title}
`query`::
(Required, string)
<<eql-syntax,EQL>> query you wish to run.
+
IMPORTANT: This parameter supports a subset of EQL syntax. See
<<eql-unsupported-syntax>>.
`event_category_field`:: `event_category_field`::
(Required*, string) (Required*, string)
Field containing the event classification, such as `process`, `file`, or Field containing the event classification, such as `process`, `file`, or
@ -100,6 +93,31 @@ Defaults to `event.category`, as defined in the {ecs-ref}/ecs-event.html[Elastic
Common Schema (ECS)]. If an index does not contain the `event.category` field, Common Schema (ECS)]. If an index does not contain the `event.category` field,
this value is required. this value is required.
`filter`::
(Optional, <<query-dsl,query DSL object>>)
Query, written in query DSL, used to filter the events on which the EQL query
runs.
`implicit_join_key_field`::
(Optional, string)
Reserved for future use.
`query`::
(Required, string)
<<eql-syntax,EQL>> query you wish to run.
+
IMPORTANT: This parameter supports a subset of EQL syntax. See
<<eql-unsupported-syntax>>.
`search_after`::
(Optional, string)
Reserved for future use.
`size`::
(Optional, integer or float)
Maximum number of matching events to return. Defaults to `50`. Values must be
greater than `0`.
[[eql-search-api-timestamp-field]] [[eql-search-api-timestamp-field]]
`timestamp_field`:: `timestamp_field`::
+ +
@ -116,24 +134,6 @@ milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], in
ascending order. ascending order.
-- --
`implicit_join_key_field`::
(Optional, string)
Reserved for future use.
`filter`::
(Optional, <<query-dsl,query DSL object>>)
Query, written in query DSL, used to filter the events on which the EQL query
runs.
`search_after`::
(Optional, string)
Reserved for future use.
`size`::
(Optional, integer or float)
Maximum number of matching events to return. Defaults to `50`. Values must be
greater than `0`.
[role="child_attributes"] [role="child_attributes"]
[[eql-search-api-response-body]] [[eql-search-api-response-body]]
==== {api-response-body-title} ==== {api-response-body-title}