Skip to content

[DOCS] Add basic EQL search tutorial docs #51574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 12, 2020
Merged

[DOCS] Add basic EQL search tutorial docs #51574

merged 6 commits into from
Feb 12, 2020

Conversation

jrodewig
Copy link
Contributor

Adds a basic tutorial and example for performing an EQL search.

I plan to add additional sections (specifying timestamp/event type, joins, pagination) with
future PRs. See #51057.

Also adds missing experimental::[] macro to the EQL requirements page.

@jrodewig jrodewig added >docs General docs changes :Analytics/EQL EQL querying labels Jan 28, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (:Search/EQL)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-docs (>docs)

@jrodewig jrodewig mentioned this pull request Jan 28, 2020
Closed
35 tasks
@jrodewig jrodewig marked this pull request as ready for review January 29, 2020 15:29
@jrodewig
[DOCS] Add basic EQL search tutorial docs
72a6f76 
I plan to add additional sections to this page with future PRs:

* Specify timestamp and event type fields
* Specify a join key field
* Filter using query DSL
* Paginate a large response

See #51057.
@jrodewig
Merge remote-tracking branch 'upstream/master' into docs__search-eql-…
8006c05 
…tutorial
@jrodewig
Update anchors
bcf1665
aleksmaus
aleksmaus approved these changes Feb 7, 2020
View reviewed changes
Copy link
Contributor

@aleksmaus aleksmaus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@jrodewig jrodewig merged commit be8ae97 into elastic:master Feb 12, 2020
@jrodewig jrodewig deleted the docs__search-eql-tutorial branch February 12, 2020 13:40
jrodewig added a commit that referenced this pull request Feb 12, 2020
@jrodewig
[DOCS] Add basic EQL search tutorial docs (#51574)
20453d3 
I plan to add additional sections to this page with future PRs:

* Specify timestamp and event type fields
* Specify a join key field
* Filter using query DSL
* Paginate a large response

See #51057.
@jrodewig
Copy link
Contributor Author

Backport commits

master be8ae97
7.x 20453d3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aleksmaus aleksmaus aleksmaus approved these changes

@rw-access rw-access rw-access approved these changes

Assignees
No one assigned
Labels
:Analytics/EQL EQL querying >docs General docs changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jrodewig @elasticmachine @aleksmaus @rw-access