Skip to content

EQL: consistent naming for event type vs event category #53073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 4, 2020
Merged

EQL: consistent naming for event type vs event category #53073

merged 2 commits into from
Mar 4, 2020
+193 −123

Conversation

aleksmaus
Copy link
Contributor

Related to #52941

@jrodewig jrodewig mentioned this pull request Mar 3, 2020
Closed
@aleksmaus aleksmaus added the :Analytics/EQL EQL querying label Mar 3, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (:Search/EQL)

@aleksmaus aleksmaus requested a review from jrodewig March 3, 2020 19:01
@jrodewig
Copy link
Contributor

jrodewig commented Mar 3, 2020

Excited about these changes. I'll work on syncing up the existing docs to match the new field name + defaults. Thanks @aleksmaus.

costin
costin approved these changes Mar 3, 2020
View reviewed changes
Copy link
Member

@costin costin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

imotov
imotov approved these changes Mar 3, 2020
View reviewed changes
Copy link
Contributor

@imotov imotov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@imotov
Copy link
Contributor

imotov commented Mar 3, 2020

@elasticmachine run elasticsearch-ci/default-distro

@aleksmaus aleksmaus merged commit 82c645e into elastic:master Mar 4, 2020
aleksmaus added a commit to aleksmaus/elasticsearch that referenced this pull request Mar 4, 2020
@aleksmaus
EQL: consistent naming for event type vs event category (elastic#53073)
b9eee85 
Related to elastic#52941
@jrodewig jrodewig mentioned this pull request Mar 4, 2020
Merged
aleksmaus added a commit that referenced this pull request Mar 4, 2020
@aleksmaus
EQL: consistent naming for event type vs event category (#53073) (#53090
b47bffb 
)

Related to #52941
jrodewig added a commit that referenced this pull request Mar 4, 2020
@jrodewig
[DOCS] Update EQL default event category and timestamp values (#53102)
9306c8d 
Updates the documented default `event_category_field` and `timestamp_field`
values for the EQL search API. Also updates related guidance in the
EQL requirement docs.

Relates to #53073.
jrodewig added a commit that referenced this pull request Mar 4, 2020
@jrodewig
[DOCS] Update EQL default event category and timestamp values (#53102)
e3d3c34 
Updates the documented default `event_category_field` and `timestamp_field`
values for the EQL search API. Also updates related guidance in the
EQL requirement docs.

Relates to #53073.
jrodewig added a commit that referenced this pull request Mar 5, 2020
@jrodewig
[DOCS] Document any keyword in EQL syntax (#52821)
c6334ee 
* [DOCS] Document `any` keyword in EQL syntax

Adds documentation for the `any` keyword to the EQL syntax docs.

Includes:

* Definition of an event type and its relationship to the event type
  field.
* Example matching all event types using `any` keyword
* Example matching event types beginning with a digit
* Example using `any` with `where true`

* Remove references to `event_type_field` default

* Reuse "Events starting with digits" section

* Updates for #53073
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@costin costin costin approved these changes

@imotov imotov imotov approved these changes

@astefan astefan Awaiting requested review from astefan

@rw-access rw-access Awaiting requested review from rw-access

@jrodewig jrodewig Awaiting requested review from jrodewig

Assignees
No one assigned
Labels
:Analytics/EQL EQL querying
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@aleksmaus @elasticmachine @jrodewig @imotov @costin