4 Commits

Author SHA1 Message Date
James Rodewig e3d3c3400c [DOCS] Update EQL default event category and timestamp values (#53102)
Updates the documented default `event_category_field` and `timestamp_field`
values for the EQL search API. Also updates related guidance in the
EQL requirement docs.

Relates to #53073.
2020-03-04 09:17:37 -05:00
James Rodewig bcb68c860c [DOCS] Reorganize EQL requirements page 2020-03-03 07:02:30 -05:00
James Rodewig 20453d3ac8 [DOCS] Add basic EQL search tutorial docs (#51574)
I plan to add additional sections to this page with future PRs:

* Specify timestamp and event type fields
* Specify a join key field
* Filter using query DSL
* Paginate a large response

See #51057.
2020-02-12 08:42:09 -05:00
James Rodewig 65f49d0bba [DOCS] Add top-level EQL docs page. Adds EQL requirements page. (#51334)
* Creates a top-level page for EQL in the ES reference.
  This page contains a high-level introduction and will include a nav for other EQL docs pages as they're built.

* Creates a requirements page.
  This page outlines the fields needed to use EQL in ES.
2020-01-27 16:04:47 -05:00