Class EqlSearchRequest.Builder

java.lang.Object
  co.elastic.clients.util.ObjectBuilderBase
    co.elastic.clients.util.WithJsonObjectBuilderBase<BuilderT>
      co.elastic.clients.elasticsearch._types.RequestBase.AbstractBuilder<EqlSearchRequest.Builder>
        co.elastic.clients.elasticsearch.eql.EqlSearchRequest.Builder

All Implemented Interfaces: WithJson<EqlSearchRequest.Builder>, ObjectBuilder<EqlSearchRequest>
Enclosing class: EqlSearchRequest

public static class EqlSearchRequest.Builder
extends RequestBase.AbstractBuilder<EqlSearchRequest.Builder>
implements ObjectBuilder<EqlSearchRequest>

Builder for EqlSearchRequest.
Constructor Summary

Method Summary

Modifier and Type / Method / Description

final EqlSearchRequest.Builder allowNoIndices(Boolean value)
    API name: allow_no_indices
build()
    Builds an EqlSearchRequest.
final EqlSearchRequest.Builder caseSensitive(Boolean value)
    API name: case_sensitive
final EqlSearchRequest.Builder eventCategoryField(String value)
    Field containing the event classification, such as process, file, or network.
final EqlSearchRequest.Builder expandWildcards(ExpandWildcard value, ExpandWildcard... values)
    API name: expand_wildcards
final EqlSearchRequest.Builder expandWildcards(List<ExpandWildcard> list)
    API name: expand_wildcards
final EqlSearchRequest.Builder fetchSize
    Maximum number of events to search at a time for sequence queries.
final EqlSearchRequest.Builder fields(FieldAndFormat value)
    Array of wildcard (*) patterns.
final EqlSearchRequest.Builder fields(Function<FieldAndFormat.Builder, ObjectBuilder<FieldAndFormat>> fn)
    Array of wildcard (*) patterns.
final EqlSearchRequest.Builder filter
    Query, written in Query DSL, used to filter the events on which the EQL query runs.
final EqlSearchRequest.Builder filter
    Query, written in Query DSL, used to filter the events on which the EQL query runs.
final EqlSearchRequest.Builder filter
    Query, written in Query DSL, used to filter the events on which the EQL query runs.
final EqlSearchRequest.Builder ignoreUnavailable(Boolean value)
    If true, missing or closed indices are not included in the response.
final EqlSearchRequest.Builder index
    Required - The name of the index to scope the operation.
final EqlSearchRequest.Builder keepAlive
    API name: keep_alive
final EqlSearchRequest.Builder keepAlive
    API name: keep_alive
final EqlSearchRequest.Builder keepOnCompletion(Boolean value)
    API name: keep_on_completion
final EqlSearchRequest.Builder query
    Required - EQL query you wish to run.
final EqlSearchRequest.Builder resultPosition(ResultPosition value)
    API name: result_position
protected EqlSearchRequest.Builder self()
final EqlSearchRequest.Builder size
    For basic queries, the maximum number of matching events to return.
final EqlSearchRequest.Builder tiebreakerField(String value)
    Field used to sort hits with the same timestamp in ascending order.
final EqlSearchRequest.Builder timestampField(String value)
    Field containing event timestamp.
final EqlSearchRequest.Builder waitForCompletionTimeout(Time value)
    API name: wait_for_completion_timeout
final EqlSearchRequest.Builder waitForCompletionTimeout(Function<Time.Builder, ObjectBuilder<Time>> fn)
    API name: wait_for_completion_timeout

Methods inherited from class co.elastic.clients.util.WithJsonObjectBuilderBase
withJson
Methods inherited from class co.elastic.clients.util.ObjectBuilderBase
_checkSingleUse, _listAdd, _listAddAll, _mapPut, _mapPutAll

Constructor Details

Builder
public Builder()

Method Details

allowNoIndices
API name: allow_no_indices

caseSensitive
API name: case_sensitive

eventCategoryField
Field containing the event classification, such as process, file, or network.
API name: event_category_field

expandWildcards
API name: expand_wildcards
Adds all elements of list to expandWildcards.

expandWildcards
public final EqlSearchRequest.Builder expandWildcards(ExpandWildcard value, ExpandWildcard... values)
API name: expand_wildcards
Adds one or more values to expandWildcards.

fetchSize
Maximum number of events to search at a time for sequence queries.
API name: fetch_size

fields
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields

fields
public final EqlSearchRequest.Builder fields(Function<FieldAndFormat.Builder, ObjectBuilder<FieldAndFormat>> fn)
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields

filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds all elements of list to filter.

filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds one or more values to filter.

filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds a value to filter using a builder lambda.

index
Required - The name of the index to scope the operation.
API name: index

keepAlive
API name: keep_alive

keepAlive
API name: keep_alive

keepOnCompletion
API name: keep_on_completion

query
Required - EQL query you wish to run.
API name: query

resultPosition
API name: result_position

size
For basic queries, the maximum number of matching events to return. Defaults to 10.
API name: size

tiebreakerField
Field used to sort hits with the same timestamp in ascending order.
API name: tiebreaker_field

timestampField
Field containing event timestamp. Default "@timestamp".
API name: timestamp_field

waitForCompletionTimeout
API name: wait_for_completion_timeout

waitForCompletionTimeout
public final EqlSearchRequest.Builder waitForCompletionTimeout(Function<Time.Builder, ObjectBuilder<Time>> fn)
API name: wait_for_completion_timeout

self
Specified by: self in class RequestBase.AbstractBuilder<EqlSearchRequest.Builder>

build
Builds an EqlSearchRequest.
Specified by: build in interface ObjectBuilder<EqlSearchRequest>
Throws: NullPointerException - if some of the required fields are null.