1ceafb4d00
[DOCS] Remove italics formatting
2020-11-03 15:50:18 -05:00
a2b18e9ab9
[DOCS] Fix case for 'Boolean' ( #64299 ) ( #64342 )
2020-10-29 10:05:57 -04:00
22e931ed72
[DOCS] EQL: Fix operator docs ( #64286 ) ( #64290 )
2020-10-28 10:44:22 -04:00
bec3eca234
[DOCS] Remove unneeded words in EQL docs
2020-10-24 20:28:23 -04:00
f19f170811
[DOCS] Tighten async EQL copy ( #64106 ) ( #64108 )
2020-10-24 14:28:43 -04:00
d6143bb49d
[DOCS] Tighten EQL copy ( #64081 ) ( #64104 )
2020-10-24 11:09:51 -04:00
3369216087
[DOCS] Fix typo
2020-10-19 14:44:43 -04:00
af9e96d681
[DOCS] EQL: Update `allow_no_indices` default ( #63748 ) ( #63891 )
...
Co-authored-by: Adam Locke <adam.locke@elastic.co>
2020-10-19 12:31:22 -04:00
bd7633482b
[DOCS] EQL: Remove `match` fn ( #63271 ) ( #63677 )
2020-10-14 10:13:00 -04:00
5fc25442c4
[DOCS] Reword EQL intro
2020-10-14 10:03:21 -04:00
f9adb36d7d
[DOCS] Update `ignore_unavailable` default for EQL search API ( #63210 ) ( #63674 )
2020-10-14 09:56:46 -04:00
5de05ba69c
[DOCS] EQL: Add `:` operator, remove wildcard operator ( #63195 ) ( #63666 )
2020-10-14 09:31:20 -04:00
e4b4351a43
[DOCS] EQL: Remove Endgame EQL refs ( #63636 ) ( #63664 )
2020-10-14 08:48:56 -04:00
8455cf8ff0
[DOCS] Remove unneeded word in EQL docs
2020-10-13 13:57:41 -04:00
086df0636e
[DOCS] EQL: Document multi-value field support ( #63622 ) ( #63633 )
2020-10-13 12:44:48 -04:00
9c170706dd
[DOCS] EQL: Move to beta ( #63284 ) ( #63552 )
2020-10-12 09:12:26 -04:00
a8bf9a6a91
[DOCS] Make EQL case-sensitive by default ( #63270 ) ( #63280 )
2020-10-05 15:49:48 -04:00
76bba601ab
Remove case_sensitive request option ( #63218 ) ( #63244 )
...
Make EQL case sensitive by default and adapt some of the string functions
Remove the case sensitive option from Between string function
Add case_insensitive option to term and wildcard queries usage
(cherry picked from commit 7550e0664c8c2f1f13519036c759b1e76345551f)
2020-10-05 22:04:42 +03:00
ade91a2d9d
[DOCS] EQL: Update syntax for escaped event categories ( #63202 ) ( #63208 )
2020-10-02 15:19:12 -04:00
a22b90d3cc
[DOCS] EQL: Replace ?"..." with """...""" for raw strings ( #63191 ) ( #63198 )
2020-10-02 14:03:58 -04:00
099e5d00cc
[DOCS] EQL: Reorganize EQL syntax sections ( #63179 ) ( #63184 )
2020-10-02 10:25:32 -04:00
700bfb156d
[DOCS] EQL: date_nanos timestamp is not supported ( #63101 ) ( #63103 )
2020-09-30 17:45:00 -04:00
e91e5ff6d7
[DOCS] Document escaped backticks for identifiers ( #63079 ) ( #63084 )
2020-09-30 12:26:20 -04:00
fa98e30c81
[DOCS] EQL: Clarify EQL docs ( #62961 ) ( #62980 )
2020-09-28 15:46:30 -04:00
2366c1443b
[DOCS] EQL: Note = is not an equality operator
2020-09-22 13:54:38 -04:00
7b2010de81
[DOCS] Fix EQL search API example
2020-09-22 12:09:38 -04:00
21d5236173
[DOCS] EQL: Style fixes
2020-09-21 19:44:21 -04:00
00bfc2d684
[7.x] [DOCS] EQL: Improve regsvr32 misuse explanation ( #62722 ) ( #62738 )
...
* [DOCS] EQL: Improve regsvr32 misuse explanation (#62722 )
Expands the introduction to better explain what regsvr32 misuse is and
how it works at a high level.
* [DOCS] EQL: Style fixes
2020-09-21 19:02:10 -04:00
9d6f94ffa3
[DOCS] EQL: Disallow chained comparisons ( #62570 ) ( #62625 )
2020-09-18 08:47:27 -04:00
cd953272cd
[DOCS] EQL: Remove support for single quote strings ( #62479 ) ( #62543 )
2020-09-17 09:34:40 -04:00
f347f0207f
[DOCS] EQL: Use consistent string notation ( #62472 ) ( #62477 )
2020-09-16 11:43:37 -04:00
e92b237dd5
[DOCS] EQL: Clarify wildcard operator
2020-09-16 11:05:29 -04:00
ed072404ff
[DOCS] EQL: Make operator refs consistent
2020-09-16 11:03:48 -04:00
65bb679c56
[DOCS] EQL: Move comparison operator defs
2020-09-16 10:54:31 -04:00
9b10d0b3af
[DOCS] EQL: Add xrefs to EQL intro
2020-09-16 10:44:01 -04:00
3ab28e84c6
[DOCS] EQL: Update keyword family field types ( #62254 ) ( #62310 )
...
Updates several keyword/constant keyword references to use any field type in the
keyword family.
2020-09-14 09:51:34 -04:00
c9d2d4b306
[DOCS] Remove collapsible examples in EQL syntax docs ( #62220 ) ( #62226 )
2020-09-10 10:55:00 -04:00
8613bde780
[DOCS] Combine keyword family docs ( #61662 ) ( #61813 )
2020-09-01 15:32:56 -04:00
fd976e668c
[DOCS] EQL: Clarify until keyword docs ( #61794 ) ( #61808 )
2020-09-01 13:56:51 -04:00
8a6ecd5bfc
[DOCS] Fix EQL syntax admon
2020-08-26 13:39:42 -04:00
20053bfd8c
[DOCS] Remove dupe EQl fn/pipe TOC
2020-08-26 12:45:09 -04:00
5ad0ce49e1
[DOCS] Remove response params for #61428 ( #61524 ) ( #61534 )
2020-08-25 11:17:56 -04:00
bff3c7470e
EQL: Replace SearchHit in response with Event ( #61428 ) ( #61522 )
...
The building block of the eql response is currently the SearchHit. This
is a problem since it is tied to an actual search, and thus has scoring,
highlighting, shard information and a lot of other things that are not
relevant for EQL.
This becomes a problem when doing sequence queries since the response is
not generated from one search query and thus there are no SearchHits to
speak of.
Emulating one is not just conceptually incorrect but also problematic
since most of the data is missed or made-up.
As such this PR introduces a simple class, Event, that maps nicely to
the terminology while hiding the ES internals (the use of SearchHit or
GetResult/GetResponse depending on the API used).
Fix #59764
Fix #59779
Co-authored-by: Igor Motov <igor@motovs.org>
(cherry picked from commit 997376fbe6ef2894038968842f5e0635731ede65)
2020-08-25 17:32:42 +03:00
439fa46735
[DOCS] Remove collapsible sections in EQL fn docs ( #61498 ) ( #61499 )
2020-08-24 14:41:27 -04:00
2b852388c5
[DOCS] Fix hyphenation for "time series" ( #61472 ) ( #61481 )
2020-08-24 11:18:07 -04:00
039b306e7d
[DOCS] Fix EQL threat detection example ( #61367 ) ( #61373 )
2020-08-20 10:45:01 -04:00
5de0f19cc3
EQL: Return sequence join keys in the original type ( #61268 ) ( #61282 )
...
(cherry picked from commit d54957d61faa0d502387656e3cace594017b6ea0)
2020-08-18 19:37:15 +03:00
60876a0e32
[DOCS] Replace Wikipedia links with attribute ( #61171 ) ( #61209 )
2020-08-17 11:27:04 -04:00
290adcd25e
[DOCS] Reword in EQL threat detection example
2020-08-14 15:50:58 -04:00
3fef26bfb0
[DOCS] EQL: Add threat detection example ( #59105 ) ( #61161 )
2020-08-14 13:40:44 -04:00
James Rodewig
Andrei Stefan
Costin Leau