Commit Graph

31 Commits

Author SHA1 Message Date
James Rodewig 3ab28e84c6
[DOCS] EQL: Update keyword family field types (#62254) (#62310)
Updates several keyword/constant keyword references to use any field type in the
keyword family.
2020-09-14 09:51:34 -04:00
James Rodewig 8613bde780
[DOCS] Combine keyword family docs (#61662) (#61813) 2020-09-01 15:32:56 -04:00
James Rodewig 20053bfd8c [DOCS] Remove dupe EQl fn/pipe TOC 2020-08-26 12:45:09 -04:00
James Rodewig 439fa46735
[DOCS] Remove collapsible sections in EQL fn docs (#61498) (#61499) 2020-08-24 14:41:27 -04:00
James Rodewig 60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
James Rodewig 896d0ffd9b
[DOCS] EQL: Prepare docs for release (#59259) (#59407)
Changes:

* Swaps the `dev` admonitions for `experimental` admonitions
* Removes `ifdef` statements preventing the docs from appearing in
  released branches
2020-07-13 09:04:15 -04:00
James Rodewig 6ed356ffc3
[DOCS] Replace `datatype` with `data type` (#58972) (#59184) 2020-07-07 14:59:35 -04:00
James Rodewig d8731853a3
[DOCS] EQL: Document `head` and `tail` pipes (#58673) (#58739) 2020-06-30 09:12:54 -04:00
James Rodewig 641ed484d8
[DOCS] EQL: Add `dev` admonition to EQL pages (#57531) (#57533)
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
2020-06-02 11:03:12 -04:00
James Rodewig 5e09762a27 [DOCS] EQL: Align comments in `between` fn examples 2020-05-15 09:20:45 -04:00
James Rodewig 24cd45345e [DOCS] EQL: Remove references to arrays/multi-value fields (#56772) 2020-05-15 09:09:07 -04:00
James Rodewig 2a943a58a4
[DOCS] EQL: Document `number` function (#56770)
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-14 15:44:04 -04:00
James Rodewig 8e005db3e6
[DOCS] EQL: Document math functions (#55810) (#56337)
Documents the following EQL functions:

* `add`
* `divide`
* `module`
* `multiply`
* `subtract`
2020-05-07 09:18:43 -04:00
James Rodewig 8686200a32 [DOCS] EQL: Document `concat` function (#56239)
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
2020-05-05 16:45:29 -04:00
James Rodewig cd3663e5fa
[DOCS] EQL: Document `match` function (#56134) 2020-05-05 12:03:02 -04:00
James Rodewig 4dfdd46dc3 [DOCS] EQL: Remove case sensitivity from function docs (#55063)
Per #54411, we plan to handle case sensitivity via a parameter for the
EQL search API (with the possible exception of the `between` function).

This removes references and examples related to case sensitivity from
the EQL functions docs.
2020-05-05 09:26:49 -04:00
James Rodewig 65b47d20a6 [DOCS] Update attribute for multi arg footnotes (#55860) 2020-04-29 10:25:36 -04:00
James Rodewig 1808a1f36b [DOCS] EQL: Correct `cidrMatch` function heading (#55935) 2020-04-29 10:02:06 -04:00
James Rodewig c16b1edae0 [DOCS] EQL: Fix whitespace in `stringContains` docs 2020-04-27 15:53:59 -04:00
James Rodewig 5981412bf7
[DOCS] EQL: Document `stringContains` function (#54968) 2020-04-24 15:09:05 -04:00
James Rodewig e4ebe55d04
[DOCS] EQL: Document `cidrMatch` function (#54216) (#55739) 2020-04-24 14:01:11 -04:00
James Rodewig 4f2ab96f38 [DOCS] EQL: Document `indexOf` function (#55071) 2020-04-15 11:29:50 -04:00
James Rodewig 3fbd8b371f [DOCS] Use consistent line breaks in EQL function docs 2020-04-14 10:17:45 -04:00
James Rodewig 57d6493e29 [DOCS] EQL: Document `string` function (#55086) 2020-04-13 11:23:45 -04:00
James Rodewig 2655dfa2fe [DOCS] EQL: Reword field support for EQL functions (#55074)
Changes boilerplate sentence of "If using a field as the argument, this
parameter only supports..." to "...this parameter supports only...".

The latter is a bit more clear and readable.
2020-04-10 15:33:29 -04:00
James Rodewig c440754784 [DOCS] EQL: Document `wildcard` function (#54086) 2020-04-10 09:18:29 -04:00
James Rodewig 964cf565c9
[DOCS] EQL: Document `between` function (#54950) 2020-04-08 13:49:15 -04:00
James Rodewig 4982b720ef
[DOCS] EQL: Document `length` function (#54225) 2020-04-01 11:35:36 -04:00
James Rodewig b43eb5ac32
[DOCS] EQL: Document `endsWith` function (#54521) 2020-04-01 10:43:37 -04:00
James Rodewig 95622d8782
[DOCS] EQL: Document `startsWith` function (#54518) (#54578) 2020-04-01 09:30:27 -04:00
James Rodewig 30a32040d3
[DOCS] EQL: Document `substring` function (#53867)
Adds documentation for the EQL `substring` function.

Supporting changes:

* Creates a new "EQL function reference" page
* Updates the title of the "EQL syntax reference" page for consistency
* Adds a brief "Functions" section to the EQL syntax docs
* Updates EQL limitations docs to state that only array functions are
  unsupported
2020-03-25 12:23:59 -04:00