OpenSearch/docs/reference/eql/index.asciidoc
James Rodewig 65f49d0bba [DOCS] Add top-level EQL docs page. Adds EQL requirements page. (#51334)
* Creates a top-level page for EQL in the ES reference.
  This page contains a high-level introduction and will include a nav for other EQL docs pages as they're built.

* Creates a requirements page.
  This page outlines the fields needed to use EQL in ES.
2020-01-27 16:04:47 -05:00


[role="xpack"]
[testenv="basic"]
[[eql]]
= EQL for event-based search
++++
<titleabbrev>EQL</titleabbrev>
++++

experimental::[]

{eql-ref}/index.html[Event Query Language (EQL)] is a query language used for
logs and other event-based data.

You can use EQL in {es} to easily express relationships between events and
quickly match events with shared properties. You can use EQL and query
DSL together to better filter your searches.
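
As an added example that is not part of this page or of the original EQL docs, the following EQL sequence query expresses a relationship between two events and joins them on a shared property (`host.id`). It assumes the events are indexed with ECS-style fields (`event.type`, `process.*`, `host.id`, `destination.ip`), which this page does not specify.

```eql
// Added example, not from the original page. Assumes ECS-style field names.
// Match, on the same host and within one minute, a shell started by an
// Office application that is then followed by an outbound connection to a
// non-private address: a common detection pattern for macro-based initial
// access. The "by host.id" clause is the shared property that links the
// two events; "maxspan" bounds how far apart in time they may be.
sequence by host.id with maxspan=1m
  // 1. Process start event: a shell whose parent is an Office application
  [ process where event.type == "start"
      and process.name in ("cmd.exe", "powershell.exe")
      and process.parent.name in ("winword.exe", "excel.exe") ]
  // 2. Followed by a network event from that host to a non-RFC1918 address
  [ network where event.type == "connection_attempt"
      and not cidrMatch(destination.ip, "10.0.0.0/8", "172.16.0.0/12",
                        "192.168.0.0/16") ]
```

Each bracketed clause is an ordinary EQL event query on its own; the `sequence` wrapper is what turns two independent matches into one ordered relationship.
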

[float]
[[when-to-use-eql]]
=== When to use EQL

Consider using EQL if you:

* Use {es} for threat hunting or other security use cases
* Search time-series data or logs, such as network or system logs
* Want an easy way to explore relationships between events

[float]
[[eql-toc]]
=== In this section

* <<eql-requirements,EQL requirements>>

include::requirements.asciidoc[]