honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-10 15:05:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
54,348 Commits 7 Branches 6 Tags
Commit Graph

45 Commits

Author SHA1 Message Date
James Rodewig
196c2a52c1
[DOCS] EQL: Update docs for null tiebreakers (#65078) (#65138) 2020-11-17 10:42:10 -05:00
James Rodewig
b54133399e
[DOCS] EQL: Document result_position param (#65075) (#65135) 2020-11-17 10:41:06 -05:00
James Rodewig
a33e1e0f21
[DOCS] EQL: Fix tiebreaker field docs (#64671) (#64714) 
Corrects the EQL docs to remove `event.sequence` as the default `tiebreaker_field` value.
 2020-11-06 09:40:14 -05:00
James Rodewig
a2b18e9ab9
[DOCS] Fix case for 'Boolean' (#64299) (#64342) 2020-10-29 10:05:57 -04:00
James Rodewig
af9e96d681
[DOCS] EQL: Update allow_no_indices default (#63748) (#63891) 
Co-authored-by: Adam Locke <adam.locke@elastic.co>
 2020-10-19 12:31:22 -04:00
James Rodewig
f9adb36d7d
[DOCS] Update ignore_unavailable default for EQL search API (#63210) (#63674) 2020-10-14 09:56:46 -04:00
James Rodewig
e4b4351a43
[DOCS] EQL: Remove Endgame EQL refs (#63636) (#63664) 2020-10-14 08:48:56 -04:00
James Rodewig
9c170706dd
[DOCS] EQL: Move to beta (#63284) (#63552) 2020-10-12 09:12:26 -04:00
James Rodewig
a8bf9a6a91
[DOCS] Make EQL case-sensitive by default (#63270) (#63280) 2020-10-05 15:49:48 -04:00
James Rodewig
ade91a2d9d
[DOCS] EQL: Update syntax for escaped event categories (#63202) (#63208) 2020-10-02 15:19:12 -04:00
James Rodewig
700bfb156d
[DOCS] EQL: date_nanos timestamp is not supported (#63101) (#63103) 2020-09-30 17:45:00 -04:00
James Rodewig
7b2010de81 [DOCS] Fix EQL search API example 2020-09-22 12:09:38 -04:00
James Rodewig
3ab28e84c6
[DOCS] EQL: Update keyword family field types (#62254) (#62310) 
Updates several keyword/constant keyword references to use any field type in the
keyword family.
 2020-09-14 09:51:34 -04:00
James Rodewig
8613bde780
[DOCS] Combine keyword family docs (#61662) (#61813) 2020-09-01 15:32:56 -04:00
James Rodewig
5ad0ce49e1
[DOCS] Remove response params for #61428 (#61524) (#61534) 2020-08-25 11:17:56 -04:00
Costin Leau
bff3c7470e
EQL: Replace SearchHit in response with Event (#61428) (#61522) 
The building block of the eql response is currently the SearchHit. This
is a problem since it is tied to an actual search, and thus has scoring,
highlighting, shard information and a lot of other things that are not
relevant for EQL.
This becomes a problem when doing sequence queries since the response is
not generated from one search query and thus there are no SearchHits to
speak of.
Emulating one is not just conceptually incorrect but also problematic
since most of the data is missed or made-up.

As such this PR introduces a simple class, Event, that maps nicely to
the terminology while hiding the ES internals (the use of SearchHit or
GetResult/GetResponse depending on the API used).

Fix #59764
Fix #59779

Co-authored-by: Igor Motov <igor@motovs.org>
(cherry picked from commit 997376fbe6ef2894038968842f5e0635731ede65)
 2020-08-25 17:32:42 +03:00
Andrei Stefan
5de0f19cc3
EQL: Return sequence join keys in the original type (#61268) (#61282) 
(cherry picked from commit d54957d61faa0d502387656e3cace594017b6ea0)
 2020-08-18 19:37:15 +03:00
James Rodewig
60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
James Rodewig
c0fa582df4
[DOCS] Make EQL example snippets more realistic (#60971) (#60974) 2020-08-11 12:01:31 -04:00
James Rodewig
a1c27b0833
[DOCS] Refactor EQL docs (#60700) (#60745) 
Changes:

* Moves sample data to reusable rest test
* Combines EQL index, requirements, and run a search pages
* Combines EQL syntax and limitations pages
* Adds related redirects
 2020-08-05 11:25:18 -04:00
James Rodewig
26d51089da
[DOCS] Replace twitter dataset in docs (#60604) (#60609) 2020-08-03 13:31:19 -04:00
James Rodewig
aba785cb6e
[DOCS] Update my-index examples (#60132) (#60248) 
Changes the following example index names to `my-index-000001` for consistency:

* `my-index`
* `my_index`
* `myindex`
 2020-07-27 15:58:26 -04:00
James Rodewig
43481441e9
[DOCS] EQL: Update EQL search response format (#59554) (#59668) 2020-07-15 17:23:48 -04:00
Costin Leau
679619c798 EQL: Improve retrieval of results (#59552) 
Instead of retrieving an entire SearchHit, get just a reference and
postpone the document retrieval when assembling the final results.
Remove sort information from results to make them consistent.
Move TumblingWindow under the sequence package.

Co-authored-by: James Rodewig <james.rodewig@elastic.co>
(cherry picked from commit bccfbcd81f2f1d3552e95e4a9ee2618fb3059bd9)
 2020-07-14 23:53:57 +03:00
James Rodewig
896d0ffd9b
[DOCS] EQL: Prepare docs for release (#59259) (#59407) 
Changes:

* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
  released branches
 2020-07-13 09:04:15 -04:00
James Rodewig
9d5c091f7a
[DOCS] Add data streams to EQL search docs (#58611) (#59404) 2020-07-13 09:03:55 -04:00
Andrei Stefan
c0e0bca84c
Remove search_after and implicit_join_key_field (#59232) (#59280) 
(cherry picked from commit 6ede6c59eff321b9fedad30e19508b9e4f788b54)
 2020-07-09 12:34:01 +03:00
James Rodewig
93a5eb0688
[DOCS] EQL: Document size limit for pipes (#59085) (#59236) 
Changes:
* Documents the `size` default as `10`.
* Updates `size` param def to note its relation to pipes.
* Updates the `head` and `tail` pipe docs to modify sequences.
* Documents the `fetch_size` parameter.

Relates to #59014 and #59063
 2020-07-08 12:22:57 -04:00
James Rodewig
770f9f11af [DOCS] Fix xref format in async EQL search docs 2020-06-30 09:37:47 -04:00
James Rodewig
735a3f344d
[DOCS] EQL: Remove fields from EQL search response (#58667) (#58669) 2020-06-29 09:34:20 -04:00
Costin Leau
3c81b91474 EQL: Add Head/Tail pipe support (#58536) 
Introduce pipe support, in particular head and tail
(which can also be chained).

(cherry picked from commit 4521ca3367147d4d6531cf0ab975d8d705f400ea)
(cherry picked from commit d6731d659d012c96b19879d13cfc9e1eaf4745a4)
 2020-06-27 09:49:14 +03:00
James Rodewig
c613e0915a
[DOCS] EQL: Document search API's tiebreaker_field param (#57935) (#58540) 2020-06-26 09:25:24 -04:00
Igor Motov
20af856abd
[7.x] EQL: Adds an ability to execute an asynchronous EQL search (#58192) 
Adds async support to EQL searches

Closes #49638

Co-authored-by: James Rodewig james.rodewig@elastic.co
 2020-06-25 14:11:57 -04:00
James Rodewig
44c3bb29e2 [DOCS] EQL: Correct EQL search API's size param def 
The `size` parameter can be used to limit matching events or sequences.
 2020-06-10 10:12:54 -04:00
James Rodewig
641ed484d8
[DOCS] EQL: Add dev admonition to EQL pages (#57531) (#57533) 
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
 2020-06-02 11:03:12 -04:00
James Rodewig
fd6dabf158
[DOCS] EQL: Fix hits param for sequences (#57410) (#57524) 2020-06-02 09:38:00 -04:00
Lisa Cawley
db5bf92acf
[7.x][DOCS] Replace docdir attribute with es-repo-dir (#57489) (#57494) 2020-06-01 16:42:53 -07:00
James Rodewig
cc43d67eb1 [DOCS] Add leading slashes to EQL API examples 2020-05-19 15:38:37 -04:00
James Rodewig
22f54ba205 [DOCS] EQL: Fix API example headings 2020-05-18 16:29:29 -04:00
James Rodewig
c50f86fbba
[DOCS] EQL: Document case_sensitive param (#56697) (#56818) 2020-05-15 11:47:19 -04:00
James Rodewig
2921747b23
[7.x] [DOCS] EQL: Document sequences (#56721) (#56774) 
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
 2020-05-14 11:51:40 -04:00
James Rodewig
d247e8f7a6 [DOCS] Sort EQL search API params alphabetically 2020-05-12 13:52:18 -04:00
James Rodewig
dac4ed282e [DOCS] EQL: Add collapsible sections to EQL tutorial docs (#56235) 
Adds collapsible sections to the snippet examples of the EQL tutorial
docs.

Also adds a leading slash to EQL API snippet examples.
 2020-05-05 16:29:51 -04:00
James Rodewig
e7df8b388e [DOCS] EQL: Add collapsible sections to EQL search API response (#56232) 
Add collapsible sections to the response parameter docs
of the EQL search API.

Also clarifies some language regarding documents and
events.
 2020-05-05 16:01:55 -04:00
James Rodewig
c1b0548db0
[DOCS] Document EQL search REST API (#52384) 2020-04-24 15:36:01 -04:00