Commit Graph

7623 Commits

Author SHA1 Message Date
Costin Leau bff3c7470e
EQL: Replace SearchHit in response with Event (#61428) (#61522)
The building block of the eql response is currently the SearchHit. This
is a problem since it is tied to an actual search, and thus has scoring,
highlighting, shard information and a lot of other things that are not
relevant for EQL.
This becomes a problem when doing sequence queries since the response is
not generated from one search query and thus there are no SearchHits to
speak of.
Emulating one is not just conceptually incorrect but also problematic
since most of the data is missed or made-up.

As such this PR introduces a simple class, Event, that maps nicely to
the terminology while hiding the ES internals (the use of SearchHit or
GetResult/GetResponse depending on the API used).

Fix #59764
Fix #59779

Co-authored-by: Igor Motov <igor@motovs.org>
(cherry picked from commit 997376fbe6ef2894038968842f5e0635731ede65)
2020-08-25 17:32:42 +03:00
James Rodewig 2400098a52
[DOCS] Fix typo in profile API docs (#61445) (#61501)
Co-authored-by: James Rodewig <40268737+jrodewig@users.noreply.github.com>

Co-authored-by: shashikumarec088 <shashikumarec088@gmail.com>
2020-08-24 15:30:18 -04:00
Nhat Nguyen baa685c2d9 Fix anchor doc for msearch cancellation paragraph
Relates #61418
2020-08-24 15:14:17 -04:00
Nhat Nguyen f34d3efae7 Add cancellation doc for multi search (#61418)
Relates #61337
2020-08-24 15:14:05 -04:00
James Rodewig 439fa46735
[DOCS] Remove collapsible sections in EQL fn docs (#61498) (#61499) 2020-08-24 14:41:27 -04:00
James Rodewig 17b5a0d25e
[DOCS] Combine `Search your data` files (#61477) (#61486)
No-op changes to:

* Move `Search your data` source files into the same directory
* Rename `Search your data` source files based on page ID
* Remove unneeded includes
* Remove the `Request` dir
2020-08-24 13:08:00 -04:00
Benjamin Trent 1ae2923632
[7.x] [ML] adding docs + hlrc for data frame analysis feature_processors (#61149) (#61493)
* [ML] adding docs + hlrc for data frame analysis feature_processors (#61149)

Adds HLRC and some docs for the new feature_processors field in Data frame analytics.

Co-authored-by: Przemysław Witek <przemyslaw.witek@elastic.co>
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 12:56:21 -04:00
James Rodewig 2b852388c5
[DOCS] Fix hyphenation for "time series" (#61472) (#61481) 2020-08-24 11:18:07 -04:00
James Rodewig 5992bb0507
[DOCS] Fix ingest script compilation rate and cache size (#61468) (#61479) 2020-08-24 10:46:44 -04:00
Lisa Cawley 52b12a07c4 [DOCS] Document static machine learning settings (#61382) 2020-08-24 07:35:38 -07:00
James Rodewig 3373b1406a
[DOCS] Fix typo in CCR Put Follow API docs (#61392) (#61470)
Co-authored-by: Mark Laney <mark1@elastic.co>
2020-08-24 09:46:23 -04:00
James Rodewig 2100441ef8
[DOCS] Note the cluster settings API can override `elasticsearch.yml` (#61394) (#61464)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-24 09:32:26 -04:00
James Rodewig da89ff87bb
[DOCS] Prune `Search your data` content (#61303) (#61462)
Changes:
* Removes narrative around URI searches. These aren't commonly used in production. The `q` param is already covered in the search API docs: https://www.elastic.co/guide/en/elasticsearch/reference/master/search-search.html#search-api-query-params-q
* Adds a common options section that highlights narrative docs for query DSL, aggregations, multi-index search, search fields, pagination, sorting, and async search.
* Adds a `Search shard routing` page. Moves narrative docs for adaptive replica selection, preference, routing, and shard limits to that section.
* Moves search timeout and cancellation content to the `Search your data` page.
* Creates a `Search multiple data streams and indices` page. Moves related narrative docs for multi-target syntax searches and `indices_boost` to that page.
* Removes narrative examples for the `search_type` parameters. Moves documentation for this parameter to the search API docs.
2020-08-24 09:31:53 -04:00
Lisa Cawley 7c48a0fc8c [DOCS] Document static dynamic transform settings (#61384) 2020-08-21 13:04:54 -07:00
James Rodewig cbb5f18f81
[DOCS] Document `xpack.graph.enabled` setting (#60073) (#61433) 2020-08-21 15:13:13 -04:00
James Rodewig e92c62bdf8
[7.x] [DOCS] Fix query example for wildcard datatype (#61398) (#61431)
Co-authored-by: jessepeixoto <jessepeixoto@gmail.com>
2020-08-21 12:43:41 -04:00
James Rodewig cb5e9d3bee
[DOCS] Remove URI search examples from API reference (#61423) (#61425) 2020-08-21 11:19:11 -04:00
James Rodewig 1b3a002588
[DOCS] Fix ingest processor TOC sort (#61412) (#61416) 2020-08-21 09:21:41 -04:00
James Rodewig bba4220982
[DOCS] Fix `field` def for join processor (#61395) (#61413) 2020-08-21 08:53:38 -04:00
Ryan Ernst 00b56bf007
Add note about negative epoch times (#61379)
This commit adds a reminder to date type documentation that negative
epoch times are not supported.

relates #40983
2020-08-20 13:54:14 -07:00
James Rodewig 039b306e7d
[DOCS] Fix EQL threat detection example (#61367) (#61373) 2020-08-20 10:45:01 -04:00
Adam Locke 751cee0042
Adding ignore_unavailable param. (#61368) (#61370) 2020-08-20 10:10:16 -04:00
Przemyslaw Gomulka 62baca74ed
[doc] Improve joda-time migration guide (#60499)
Previously the migration guide incorrectly stated that joda-time patterns have to be fixed before upgrading to 7.x;
since #52555 (7.7) and under our bwc policy, 6.x-created indices are supported even with joda-time patterns.
relates #60374
2020-08-20 16:03:58 +02:00
James Rodewig 1182248994 [DOCS] Document empty string boolean value as `false` (#61341) 2020-08-19 12:57:57 -04:00
James Rodewig dc9d613280
[DOCS] Document dynamic circuit breaker settings (#61334) (#61335) 2020-08-19 11:13:46 -04:00
James Rodewig 128d66b03e
[DOCS] Reorder ES TOC (#61231) (#61326) 2020-08-19 09:32:02 -04:00
István Zoltán Szabó 86dbd68131
[DOCS] Adds example to the inference aggregation description (#61290) (#61318) 2020-08-19 12:07:30 +02:00
Lisa Cawley b120368aee
[DOCS] Add security updates to release notes (#61288) (#61296) 2020-08-18 12:00:21 -07:00
David Roberts 96256bd4df
[DOCS] Add 7.9.0 known issue for problems with ML index mappings (#61289)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-18 11:46:08 -07:00
Lisa Cawley 2015d5f86a
[DOCS] Removes 7.9.0 coming tags (#61293) 2020-08-18 11:24:52 -07:00
Andrei Stefan 5de0f19cc3
EQL: Return sequence join keys in the original type (#61268) (#61282)
(cherry picked from commit d54957d61faa0d502387656e3cace594017b6ea0)
2020-08-18 19:37:15 +03:00
István Zoltán Szabó 78d77ebed7
[DOCS] Replaces transform.node with node.roles: [ transform ] in transforms settings. (#61267) (#61271) 2020-08-18 18:00:06 +02:00
István Zoltán Szabó 7596bb7454
[DOCS] Clarifies node.roles settings (#61266) (#61274) 2020-08-18 17:59:34 +02:00
Pius d6ad247e07
[DOCS] Note max field expansions is not a hard limit (#61120)
Per #35284, it looks like we changed this from a max field expansions limit to a soft limit using the `indices.query.bool.max_clause_count` dynamic cluster setting.
2020-08-18 11:39:09 -04:00
Nik Everett 8a387d6df1 Redo experimental tag on vwh (#61065)
The docs didn't have the standard experimental text. This adds it.
2020-08-18 10:02:26 -04:00
István Zoltán Szabó 06ba99413d
[DOCS] Replaces ml.node with node.roles: [ ml ] in ML settings (#61017) (#61257) 2020-08-18 12:06:17 +02:00
Adam Locke a0af82c213
[7.x] [DOCS] Update CCR docs to focus on Kibana. (#61237)
* First crack at rewriting the CCR introduction.

* Emphasizing Kibana in configuring CCR (part one).

* Many more edits, plus new files.

* Fixing test case.

* Removing overview page and consolidating that information in the main page.

* Adding redirects for moved and deleted pages.

* Removing, consolidating, and adding redirects.

* Fixing duplicate ID in redirects and removing outdated reference.

* Adding test case and steps for recreating a follower index.

* Adding steps for managing CCR tasks in Kibana.

* Adding tasks for managing auto-follow patterns.

* Fixing glossary link.

* Fixing glossary link, again.

* Updating the upgrade information and other stuff.

* Apply suggestions from code review

* Incorporating review feedback.

* Adding more edits.

* Fixing link reference.

* Adding use cases for #59812.

* Incorporating feedback from reviewers.

* Apply suggestions from code review

* Incorporating more review comments.

* Condensing some of the steps for accessing Kibana.

* Incorporating small changes from reviewers.
2020-08-17 16:58:13 -04:00
James Rodewig 06d3159125
[DOCS] Add usage tips to `top_hits` agg (#61215) (#61225) 2020-08-17 13:05:40 -04:00
Leaf-Lin e258c85b6a [DOCS] Update configuring-metricbeat.asciidoc (#60857)
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
2020-08-17 10:04:52 -07:00
James Rodewig 6a248aea07
[DOCS] Add admon for built-in index templates (#61063) (#61220)
Adds an important admonition for the built-in `metrics-*-*` and `logs-*-*` index
templates.

Updates several put index template snippets to include a priority.
2020-08-17 12:48:34 -04:00
Adam Locke a3f357c8a5
[DOCS] Update info about geo_shape bounding boxes (#61214) (#61216)
* Adding information about geo_shape bounding boxes.

* Fixing cross link and incorporating review feedback.
2020-08-17 11:44:46 -04:00
James Rodewig 60876a0e32
[DOCS] Replace Wikipedia links with attribute (#61171) (#61209) 2020-08-17 11:27:04 -04:00
István Zoltán Szabó bc9170387a
[DOCS] Adds clarification to node roles (#61206) (#61211) 2020-08-17 16:15:53 +02:00
James Rodewig 81b8024d66
[DOCS] Fix typo in suggester docs (#61077) (#61202)
Co-authored-by: Arash Layeghi <arashlayeghi57@gmail.com>
2020-08-17 09:09:34 -04:00
Dan Hermann 524247bbc0
[DOCS] write_index_only option for put mapping (#59610) (#61172) 2020-08-17 07:33:49 -05:00
James Rodewig 1ffc983f98 [DOCS] Fix link in similarity module docs 2020-08-14 18:31:07 -04:00
James Rodewig 290adcd25e [DOCS] Reword in EQL threat detection example 2020-08-14 15:50:58 -04:00
James Rodewig d0810cca19
[DOCS] Add xref to multiplexer token filter docs (#60431) (#61168)
Co-authored-by: paiboon auengkongkatong <paiboon15721@gmail.com>
2020-08-14 15:05:07 -04:00
James Rodewig 8263ce79e9
[DOCS] Update ingest processor snippet for ECS (#61128) (#61164)
Co-authored-by: Nicole Albee <2642763+a03nikki@users.noreply.github.com>
2020-08-14 14:21:47 -04:00
James Rodewig 3fef26bfb0
[DOCS] EQL: Add threat detection example (#59105) (#61161) 2020-08-14 13:40:44 -04:00