[[reference-eql-search]]
|
|
|
|
////////
|
|
===========================================================================================================================
|
|
|| ||
|
|
|| ||
|
|
|| ||
|
|
|| ██████╗ ███████╗ █████╗ ██████╗ ███╗ ███╗███████╗ ||
|
|
|| ██╔══██╗██╔════╝██╔══██╗██╔══██╗████╗ ████║██╔════╝ ||
|
|
|| ██████╔╝█████╗ ███████║██║ ██║██╔████╔██║█████╗ ||
|
|
|| ██╔══██╗██╔══╝ ██╔══██║██║ ██║██║╚██╔╝██║██╔══╝ ||
|
|
|| ██║ ██║███████╗██║ ██║██████╔╝██║ ╚═╝ ██║███████╗ ||
|
|
|| ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝╚══════╝ ||
|
|
|| ||
|
|
|| ||
|
|
|| This file is autogenerated. DO NOT send pull requests that change this file directly. ||
|
|
|| You should update the script that does the generation, which can be found in: ||
|
|
|| https://github.com/elastic/elastic-client-generator-js ||
|
|
|| ||
|
|
|| You can run the script with the following command: ||
|
|
|| npm run elasticsearch -- --version <version> ||
|
|
|| ||
|
|
|| ||
|
|
|| ||
|
|
===========================================================================================================================
|
|
////////
|
|
|
|
[discrete]
|
|
[[client.eql.search]]
|
|
=== client.eql.search
|
|
|
|
Returns results matching a query expressed in Event Query Language (EQL).
|
|
|
|
{ref}/eql-search-api.html[{es} documentation]
|
|
|
|
[discrete]
|
|
==== Function signature
|
|
|
|
[source,ts]
|
|
----
|
|
(EqlSearchRequest, options?): Promise<EqlSearchResponse>
|
|
----
|
|
|
|
[discrete]
|
|
==== EqlSearchRequest
|
|
|
|
[pass]
|
|
++++
|
|
<pre>
|
|
++++
|
|
interface EqlSearchRequest extends <<RequestBase>> {
|
|
index: <<Indices>>
|
|
allow_no_indices?: boolean
|
|
expand_wildcards?: <<ExpandWildcards>>
|
|
ignore_unavailable?: boolean
|
|
query: string
|
|
case_sensitive?: boolean
|
|
event_category_field?: <<Field>>
|
|
tiebreaker_field?: <<Field>>
|
|
timestamp_field?: <<Field>>
|
|
fetch_size?: <<uint>>
|
|
filter?: <<QueryDslQueryContainer>> | <<QueryDslQueryContainer>>[]
|
|
keep_alive?: <<Duration>>
|
|
keep_on_completion?: boolean
|
|
wait_for_completion_timeout?: <<Duration>>
|
|
size?: <<uint>>
|
|
fields?: <<QueryDslFieldAndFormat>> | <<Field>> | (<<QueryDslFieldAndFormat>> | <<Field>>)[]
|
|
result_position?: EqlSearchResultPosition
|
|
runtime_mappings?: <<MappingRuntimeFields>>
|
|
}
|
|
|
|
[pass]
|
|
++++
|
|
</pre>
|
|
++++
|
|
[discrete]
|
|
==== EqlSearchResponse
|
|
|
|
[pass]
|
|
++++
|
|
<pre>
|
|
++++
|
|
type EqlSearchResponse<TEvent = unknown> = <<EqlEqlSearchResponseBase>><TEvent>
|
|
|
|
[pass]
|
|
++++
|
|
</pre>
|
|
++++
|