java.lang.Object

co.elastic.clients.elasticsearch._types.RequestBase

co.elastic.clients.elasticsearch.eql.EqlSearchRequest

All Implemented Interfaces:: JsonpSerializable

@JsonpDeserializable
public class EqlSearchRequest
extends RequestBase
implements JsonpSerializable

Returns results matching a query expressed in Event Query Language (EQL)

See Also:: API specification

Nested Class Summary

Nested Classes

Modifier and Type Class Description

static class EqlSearchRequest.Builder
Builder for EqlSearchRequest.

Nested classes/interfaces inherited from class co.elastic.clients.elasticsearch._types.RequestBase
RequestBase.AbstractBuilder<BuilderT extends RequestBase.AbstractBuilder<BuilderT>>

Field Summary

Fields
Modifier and Type	Field	Description
`static JsonpDeserializer<EqlSearchRequest>`	`_DESERIALIZER`	Json deserializer for `EqlSearchRequest`
`static SimpleEndpoint<EqlSearchRequest,?>`	`_ENDPOINT`	Endpoint "`eql.search`".

Method Summary

Modifier and Type	Method	Description
`java.lang.Boolean`	`allowNoIndices()`	API name: `allow_no_indices`
`java.lang.Boolean`	`caseSensitive()`	API name: `case_sensitive`
`static <TEvent> Endpoint<EqlSearchRequest,EqlSearchResponse<TEvent>,ErrorResponse>`	`createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)`	Create an "`eql.search`" endpoint.
`java.lang.String`	`eventCategoryField()`	Field containing the event classification, such as process, file, or network.
`java.util.List<ExpandWildcard>`	`expandWildcards()`	API name: `expand_wildcards`
`java.lang.Number`	`fetchSize()`	Maximum number of events to search at a time for sequence queries.
`java.util.List<FieldAndFormat>`	`fields()`	Array of wildcard (*) patterns.
`java.util.List<Query>`	`filter()`	Query, written in Query DSL, used to filter the events on which the EQL query runs.
`java.lang.Boolean`	`ignoreUnavailable()`	If true, missing or closed indices are not included in the response.
`java.util.List<java.lang.String>`	`index()`	Required - The name of the index to scope the operation
`Time`	`keepAlive()`	API name: `keep_alive`
`java.lang.Boolean`	`keepOnCompletion()`	API name: `keep_on_completion`
`static EqlSearchRequest`	`of(java.util.function.Function<EqlSearchRequest.Builder,ObjectBuilder<EqlSearchRequest>> fn)`
`java.lang.String`	`query()`	Required - EQL query you wish to run.
`ResultPosition`	`resultPosition()`	API name: `result_position`
`java.util.Map<java.lang.String,java.util.List<RuntimeField>>`	`runtimeMappings()`	API name: `runtime_mappings`
`void`	`serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)`	Serialize this object to JSON.
`protected void`	`serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)`
`protected static void`	`setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)`
`java.lang.Number`	`size()`	For basic queries, the maximum number of matching events to return.
`java.lang.String`	`tiebreakerField()`	Field used to sort hits with the same timestamp in ascending order
`java.lang.String`	`timestampField()`	Field containing event timestamp.
`Time`	`waitForCompletionTimeout()`	API name: `wait_for_completion_timeout`

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- _DESERIALIZER
  
  public static final JsonpDeserializer<EqlSearchRequest> _DESERIALIZER
  
  Json deserializer for EqlSearchRequest
- _ENDPOINT
  
  public static final SimpleEndpoint<EqlSearchRequest,?> _ENDPOINT
  
  Endpoint "eql.search".
Method Details
- of
  
  public static EqlSearchRequest of(java.util.function.Function<EqlSearchRequest.Builder,ObjectBuilder<EqlSearchRequest>> fn)
- allowNoIndices
  
  @Nullable public final java.lang.Boolean allowNoIndices()
  
  API name: allow_no_indices
- caseSensitive
  
  @Nullable public final java.lang.Boolean caseSensitive()
  
  API name: case_sensitive
- eventCategoryField
  
  @Nullable public final java.lang.String eventCategoryField()
  
  Field containing the event classification, such as process, file, or network.
  API name: event_category_field
- expandWildcards
  
  public final java.util.List<ExpandWildcard> expandWildcards()
  
  API name: expand_wildcards
- fetchSize
  
  @Nullable public final java.lang.Number fetchSize()
  
  Maximum number of events to search at a time for sequence queries.
  API name: fetch_size
- fields
  
  public final java.util.List<FieldAndFormat> fields()
  
  Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
  API name: fields
- filter
  
  public final java.util.List<Query> filter()
  
  Query, written in Query DSL, used to filter the events on which the EQL query runs.
  API name: filter
- ignoreUnavailable
  
  @Nullable public final java.lang.Boolean ignoreUnavailable()
  
  If true, missing or closed indices are not included in the response.
  API name: ignore_unavailable
- index
  
  public final java.util.List<java.lang.String> index()
  
  Required - The name of the index to scope the operation
  API name: index
- keepAlive
  
  @Nullable public final Time keepAlive()
  
  API name: keep_alive
- keepOnCompletion
  
  @Nullable public final java.lang.Boolean keepOnCompletion()
  
  API name: keep_on_completion
- query
  
  public final java.lang.String query()
  
  Required - EQL query you wish to run.
  API name: query
- resultPosition
  
  @Nullable public final ResultPosition resultPosition()
  
  API name: result_position
- runtimeMappings
  
  public final java.util.Map<java.lang.String,java.util.List<RuntimeField>> runtimeMappings()
  
  API name: runtime_mappings
- size
  
  @Nullable public final java.lang.Number size()
  
  For basic queries, the maximum number of matching events to return. Defaults to 10
  API name: size
- tiebreakerField
  
  @Nullable public final java.lang.String tiebreakerField()
  
  Field used to sort hits with the same timestamp in ascending order
  API name: tiebreaker_field
- timestampField
  
  @Nullable public final java.lang.String timestampField()
  
  Field containing event timestamp. Default "@timestamp"
  API name: timestamp_field
- waitForCompletionTimeout
  
  @Nullable public final Time waitForCompletionTimeout()
  
  API name: wait_for_completion_timeout
- serialize
  
  public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
  
  Serialize this object to JSON.
  
  Specified by:
  
  serialize in interface JsonpSerializable
- serializeInternal
  
  protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
- setupEqlSearchRequestDeserializer
  
  protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)
- createSearchEndpoint
  
  public static <TEvent> Endpoint<EqlSearchRequest,EqlSearchResponse<TEvent>,ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
  
  Create an "eql.search" endpoint.

Class EqlSearchRequest

Nested Class Summary

Nested classes/interfaces inherited from class co.elastic.clients.elasticsearch._types.RequestBase

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

_DESERIALIZER

_ENDPOINT

Method Details

of

allowNoIndices

caseSensitive

eventCategoryField

expandWildcards

fetchSize

fields

filter

ignoreUnavailable

index

keepAlive

keepOnCompletion

query

resultPosition

runtimeMappings

size

tiebreakerField

timestampField

waitForCompletionTimeout

serialize

serializeInternal

setupEqlSearchRequestDeserializer

createSearchEndpoint