[[reference-eql]]
|
|
== client.eql
|
|
|
|
////////
|
|
===========================================================================================================================
|
|
|| ||
|
|
|| ||
|
|
|| ||
|
|
|| ██████╗ ███████╗ █████╗ ██████╗ ███╗ ███╗███████╗ ||
|
|
|| ██╔══██╗██╔════╝██╔══██╗██╔══██╗████╗ ████║██╔════╝ ||
|
|
|| ██████╔╝█████╗ ███████║██║ ██║██╔████╔██║█████╗ ||
|
|
|| ██╔══██╗██╔══╝ ██╔══██║██║ ██║██║╚██╔╝██║██╔══╝ ||
|
|
|| ██║ ██║███████╗██║ ██║██████╔╝██║ ╚═╝ ██║███████╗ ||
|
|
|| ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝╚══════╝ ||
|
|
|| ||
|
|
|| ||
|
|
|| This file is autogenerated, DO NOT send pull requests that change this file directly. ||
|
|
|| You should update the script that does the generation, which can be found in: ||
|
|
|| https://github.com/elastic/elastic-client-generator-js ||
|
|
|| ||
|
|
|| You can run the script with the following command: ||
|
|
|| npm run elasticsearch -- --version <version> ||
|
|
|| ||
|
|
|| ||
|
|
|| ||
|
|
===========================================================================================================================
|
|
////////
|
|
++++
|
|
<style>
|
|
.lang-ts a.xref {
|
|
text-decoration: underline !important;
|
|
}
|
|
</style>
|
|
++++
|
|
|
|
|
|
[discrete]
|
|
[[client.eql.delete]]
|
|
== `client.eql.delete()`
|
|
|
|
Delete an async EQL search. Delete an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
|
|
|
|
{ref}/eql-search-api.html[{es} documentation]
|
|
[discrete]
|
|
=== Function signature
|
|
|
|
[source,ts]
|
|
----
|
|
(request: EqlDeleteRequest, options?: TransportRequestOptions) => Promise<EqlDeleteResponse>
|
|
----
|
|
|
|
[discrete]
|
|
=== Request
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
interface EqlDeleteRequest extends <<RequestBase>> {
|
|
id: <<Id>>
|
|
}
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
=== Response
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
type EqlDeleteResponse = <<AcknowledgedResponseBase>>
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
[[client.eql.get]]
|
|
== `client.eql.get()`
|
|
|
|
Get async EQL search results. Get the current status and available results for an async EQL search or a stored synchronous EQL search.
|
|
|
|
{ref}/get-async-eql-search-api.html[{es} documentation]
|
|
[discrete]
|
|
=== Function signature
|
|
|
|
[source,ts]
|
|
----
|
|
(request: EqlGetRequest, options?: TransportRequestOptions) => Promise<EqlGetResponse>
|
|
----
|
|
|
|
[discrete]
|
|
=== Request
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
interface EqlGetRequest extends <<RequestBase>> {
|
|
id: <<Id>>
|
|
keep_alive?: <<Duration>>
|
|
wait_for_completion_timeout?: <<Duration>>
|
|
}
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
=== Response
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
type EqlGetResponse<TEvent = unknown> = <<EqlEqlSearchResponseBase>><TEvent>
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
[[client.eql.getStatus]]
|
|
== `client.eql.getStatus()`
|
|
|
|
Get the async EQL status. Get the current status for an async EQL search or a stored synchronous EQL search without returning results.
|
|
|
|
{ref}/get-async-eql-status-api.html[{es} documentation]
|
|
[discrete]
|
|
=== Function signature
|
|
|
|
[source,ts]
|
|
----
|
|
(request: EqlGetStatusRequest, options?: TransportRequestOptions) => Promise<EqlGetStatusResponse>
|
|
----
|
|
|
|
[discrete]
|
|
=== Request
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
interface EqlGetStatusRequest extends <<RequestBase>> {
|
|
id: <<Id>>
|
|
}
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
=== Response
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
interface EqlGetStatusResponse {
|
|
id: <<Id>>
|
|
is_partial: boolean
|
|
is_running: boolean
|
|
start_time_in_millis?: <<EpochTime>><<<UnitMillis>>>
|
|
expiration_time_in_millis?: <<EpochTime>><<<UnitMillis>>>
|
|
completion_status?: <<integer>>
|
|
}
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
[[client.eql.search]]
|
|
== `client.eql.search()`
|
|
|
|
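Get EQL search results. Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event. As the request interface below shows, `query` is passed as a plain string; when any part of it comes from user input, validate or escape that value before building the query.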
|
|
|
|
{ref}/eql-search-api.html[{es} documentation]
|
|
[discrete]
|
|
=== Function signature
|
|
|
|
[source,ts]
|
|
----
|
|
(request: EqlSearchRequest, options?: TransportRequestOptions) => Promise<EqlSearchResponse>
|
|
----
|
|
|
|
[discrete]
|
|
=== Request
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
interface EqlSearchRequest extends <<RequestBase>> {
|
|
index: <<Indices>>
|
|
allow_no_indices?: boolean
|
|
expand_wildcards?: <<ExpandWildcards>>
|
|
ignore_unavailable?: boolean
|
|
query: string
|
|
case_sensitive?: boolean
|
|
event_category_field?: <<Field>>
|
|
tiebreaker_field?: <<Field>>
|
|
timestamp_field?: <<Field>>
|
|
fetch_size?: <<uint>>
|
|
filter?: <<QueryDslQueryContainer>> | <<QueryDslQueryContainer>>[]
|
|
keep_alive?: <<Duration>>
|
|
keep_on_completion?: boolean
|
|
wait_for_completion_timeout?: <<Duration>>
|
|
size?: <<uint>>
|
|
fields?: <<QueryDslFieldAndFormat>> | <<Field>> | (<<QueryDslFieldAndFormat>> | <<Field>>)[]
|
|
result_position?: EqlSearchResultPosition
|
|
runtime_mappings?: <<MappingRuntimeFields>>
|
|
max_samples_per_key?: <<integer>>
|
|
}
|
|
|
|
----
|
|
|
|
|
|
[discrete]
|
|
=== Response
|
|
|
|
[source,ts,subs=+macros]
|
|
----
|
|
type EqlSearchResponse<TEvent = unknown> = <<EqlEqlSearchResponseBase>><TEvent>
|
|
|
|
----
|
|
|
|
|