Costin Leau
679619c798
EQL: Improve retrieval of results (#59552)
Instead of retrieving an entire SearchHit, get just a reference and
postpone the document retrieval when assembling the final results.
Remove sort information from results to make them consistent.
Move TumblingWindow under the sequence package.
Co-authored-by: James Rodewig <james.rodewig@elastic.co>
(cherry picked from commit bccfbcd81f2f1d3552e95e4a9ee2618fb3059bd9)
2020-07-14 23:53:57 +03:00
James Rodewig
896d0ffd9b
[DOCS] EQL: Prepare docs for release (#59259) (#59407)
Changes:
* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
released branches
2020-07-13 09:04:15 -04:00
James Rodewig
9d5c091f7a
[DOCS] Add data streams to EQL search docs (#58611) (#59404)
2020-07-13 09:03:55 -04:00
Andrei Stefan
c0e0bca84c
Remove search_after and implicit_join_key_field (#59232) (#59280)
(cherry picked from commit 6ede6c59eff321b9fedad30e19508b9e4f788b54)
2020-07-09 12:34:01 +03:00
James Rodewig
93a5eb0688
[DOCS] EQL: Document `size` limit for pipes (#59085) (#59236)
Changes:
* Documents the `size` default as `10`.
* Updates `size` param def to note its relation to pipes.
* Updates the `head` and `tail` pipe docs to modify sequences.
* Documents the `fetch_size` parameter.
Relates to #59014 and #59063
2020-07-08 12:22:57 -04:00
James Rodewig
770f9f11af
[DOCS] Fix xref format in async EQL search docs
2020-06-30 09:37:47 -04:00
James Rodewig
735a3f344d
[DOCS] EQL: Remove fields from EQL search response (#58667) (#58669)
2020-06-29 09:34:20 -04:00
Costin Leau
3c81b91474
EQL: Add Head/Tail pipe support (#58536)
Introduce pipe support, in particular head and tail
(which can also be chained).
(cherry picked from commit 4521ca3367147d4d6531cf0ab975d8d705f400ea)
(cherry picked from commit d6731d659d012c96b19879d13cfc9e1eaf4745a4)
2020-06-27 09:49:14 +03:00
James Rodewig
c613e0915a
[DOCS] EQL: Document search API's `tiebreaker_field` param (#57935) (#58540)
2020-06-26 09:25:24 -04:00
Igor Motov
20af856abd
[7.x] EQL: Adds an ability to execute an asynchronous EQL search (#58192)
Adds async support to EQL searches
Closes #49638
Co-authored-by: James Rodewig james.rodewig@elastic.co
2020-06-25 14:11:57 -04:00
James Rodewig
44c3bb29e2
[DOCS] EQL: Correct EQL search API's `size` param def
The `size` parameter can be used to limit matching events or sequences.
2020-06-10 10:12:54 -04:00
James Rodewig
641ed484d8
[DOCS] EQL: Add `dev` admonition to EQL pages (#57531) (#57533)
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 11:03:12 -04:00
James Rodewig
fd6dabf158
[DOCS] EQL: Fix hits param for sequences (#57410) (#57524)
2020-06-02 09:38:00 -04:00
Lisa Cawley
db5bf92acf
[7.x][DOCS] Replace docdir attribute with es-repo-dir (#57489) (#57494)
2020-06-01 16:42:53 -07:00
James Rodewig
cc43d67eb1
[DOCS] Add leading slashes to EQL API examples
2020-05-19 15:38:37 -04:00
James Rodewig
22f54ba205
[DOCS] EQL: Fix API example headings
2020-05-18 16:29:29 -04:00
James Rodewig
c50f86fbba
[DOCS] EQL: Document `case_sensitive` param (#56697) (#56818)
2020-05-15 11:47:19 -04:00
James Rodewig
2921747b23
[7.x] [DOCS] EQL: Document sequences (#56721) (#56774)
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 11:51:40 -04:00
James Rodewig
d247e8f7a6
[DOCS] Sort EQL search API params alphabetically
2020-05-12 13:52:18 -04:00
James Rodewig
dac4ed282e
[DOCS] EQL: Add collapsible sections to EQL tutorial docs (#56235)
Adds collapsible sections to the snippet examples of the EQL tutorial
docs.
Also adds a leading slash to EQL API snippet examples.
2020-05-05 16:29:51 -04:00
James Rodewig
e7df8b388e
[DOCS] EQL: Add collapsible sections to EQL search API response (#56232)
Add collapsible sections to the response parameter docs
of the EQL search API.
Also clarifies some language regarding documents and
events.
2020-05-05 16:01:55 -04:00
James Rodewig
c1b0548db0
[DOCS] Document EQL search REST API (#52384)
2020-04-24 15:36:01 -04:00