Class EqlSearchRequest.Builder
- All Implemented Interfaces: WithJson<EqlSearchRequest.Builder>, ObjectBuilder<EqlSearchRequest>
- Enclosing class: EqlSearchRequest
Constructor Summary
- Builder()
Method Summary
Modifier and Type / Method / Description
- final EqlSearchRequest.Builder allowNoIndices(Boolean value): API name: allow_no_indices
- EqlSearchRequest build(): Builds an EqlSearchRequest.
- final EqlSearchRequest.Builder caseSensitive(Boolean value): API name: case_sensitive
- final EqlSearchRequest.Builder eventCategoryField(String value): Field containing the event classification, such as process, file, or network.
- final EqlSearchRequest.Builder expandWildcards(ExpandWildcard value, ExpandWildcard... values): API name: expand_wildcards
- final EqlSearchRequest.Builder expandWildcards(List<ExpandWildcard> list): API name: expand_wildcards
- final EqlSearchRequest.Builder fetchSize: Maximum number of events to search at a time for sequence queries.
- final EqlSearchRequest.Builder fields(FieldAndFormat value, FieldAndFormat... values): Array of wildcard (*) patterns.
- final EqlSearchRequest.Builder fields(Function<FieldAndFormat.Builder, ObjectBuilder<FieldAndFormat>> fn): Array of wildcard (*) patterns.
- final EqlSearchRequest.Builder fields(List<FieldAndFormat> list): Array of wildcard (*) patterns.
- final EqlSearchRequest.Builder filter (list, varargs and builder-lambda overloads): Query, written in Query DSL, used to filter the events on which the EQL query runs.
- final EqlSearchRequest.Builder ignoreUnavailable(Boolean value): If true, missing or closed indices are not included in the response.
- final EqlSearchRequest.Builder index (list and varargs overloads): Required - The name of the index to scope the operation
- final EqlSearchRequest.Builder keepAlive (two overloads): API name: keep_alive
- final EqlSearchRequest.Builder keepOnCompletion(Boolean value): API name: keep_on_completion
- final EqlSearchRequest.Builder query: Required - EQL query you wish to run.
- final EqlSearchRequest.Builder resultPosition(ResultPosition value): API name: result_position
- final EqlSearchRequest.Builder runtimeMappings(String key, RuntimeField value): API name: runtime_mappings
- final EqlSearchRequest.Builder runtimeMappings(String key, Function<RuntimeField.Builder, ObjectBuilder<RuntimeField>> fn): API name: runtime_mappings
- final EqlSearchRequest.Builder runtimeMappings(Map<String, RuntimeField> map): API name: runtime_mappings
- protected EqlSearchRequest.Builder self()
- final EqlSearchRequest.Builder size: For basic queries, the maximum number of matching events to return.
- final EqlSearchRequest.Builder tiebreakerField(String value): Field used to sort hits with the same timestamp in ascending order
- final EqlSearchRequest.Builder timestampField(String value): Field containing event timestamp.
- final EqlSearchRequest.Builder waitForCompletionTimeout(Time value): API name: wait_for_completion_timeout
- final EqlSearchRequest.Builder waitForCompletionTimeout(Function<Time.Builder, ObjectBuilder<Time>> fn): API name: wait_for_completion_timeout
Methods inherited from class co.elastic.clients.util.WithJsonObjectBuilderBase
- withJson
Methods inherited from class co.elastic.clients.util.ObjectBuilderBase
- _checkSingleUse, _listAdd, _listAddAll, _mapPut, _mapPutAll
Constructor Details
- Builder
public Builder()
Method Details
- allowNoIndices
API name: allow_no_indices
- caseSensitive
API name: case_sensitive
- eventCategoryField
Field containing the event classification, such as process, file, or network.
API name: event_category_field
- expandWildcards
API name: expand_wildcards
Adds all elements of list to expandWildcards.
- expandWildcards
public final EqlSearchRequest.Builder expandWildcards(ExpandWildcard value, ExpandWildcard... values)
API name: expand_wildcards
Adds one or more values to expandWildcards.
- fetchSize
Maximum number of events to search at a time for sequence queries.
API name: fetch_size
- fields
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields
Adds all elements of list to fields.
- fields
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields
Adds one or more values to fields.
- fields
public final EqlSearchRequest.Builder fields(Function<FieldAndFormat.Builder, ObjectBuilder<FieldAndFormat>> fn)
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields
Adds a value to fields using a builder lambda.
- filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds all elements of list to filter.
- filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds one or more values to filter.
- filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
Adds a value to filter using a builder lambda.
- index
Required - The name of the index to scope the operation
API name: index
Adds all elements of list to index.
- index
Required - The name of the index to scope the operation
API name: index
Adds one or more values to index.
- keepAlive
API name: keep_alive
- keepAlive
API name: keep_alive
- keepOnCompletion
API name: keep_on_completion
- query
Required - EQL query you wish to run.
API name: query
- resultPosition
API name: result_position
- runtimeMappings
API name: runtime_mappings
Adds all entries of map to runtimeMappings.
- runtimeMappings
API name: runtime_mappings
Adds an entry to runtimeMappings.
- runtimeMappings
public final EqlSearchRequest.Builder runtimeMappings(String key, Function<RuntimeField.Builder, ObjectBuilder<RuntimeField>> fn)
API name: runtime_mappings
Adds an entry to runtimeMappings using a builder lambda.
- size
For basic queries, the maximum number of matching events to return. Defaults to 10.
API name: size
- tiebreakerField
Field used to sort hits with the same timestamp in ascending order.
API name: tiebreaker_field
- timestampField
Field containing event timestamp. Default "@timestamp".
API name: timestamp_field
- waitForCompletionTimeout
API name: wait_for_completion_timeout
- waitForCompletionTimeout
public final EqlSearchRequest.Builder waitForCompletionTimeout(Function<Time.Builder, ObjectBuilder<Time>> fn)
API name: wait_for_completion_timeout
- self
Specified by: self in class RequestBase.AbstractBuilder<EqlSearchRequest.Builder>
- build
Builds an EqlSearchRequest.
Specified by: build in interface ObjectBuilder<EqlSearchRequest>
Throws: NullPointerException - if some of the required fields are null.
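The following is an added example, not part of Elastic's Javadoc or client code, showing how the builder methods above combine into one detection-style EQL sequence request and how it is executed. The index pattern, the ECS-style field names, the sequence text and the `event.module` pre-filter are constructed sample values, and the builder calls for Query DSL, Time and FieldAndFormat are assumed to match the client version in use.

```java
import java.io.IOException;

import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.ExpandWildcard;
import co.elastic.clients.elasticsearch._types.query_dsl.Query;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import com.fasterxml.jackson.databind.node.ObjectNode;

/** Added example: an EQL sequence hunt assembled with EqlSearchRequest.Builder. */
public final class EqlSequenceHunt {

    // Constructed sample EQL: a process start followed by an outbound connection
    // on the same host within two minutes (a common hunting starting point).
    static final String SEQUENCE_QUERY = String.join("\n",
        "sequence by host.id with maxspan=2m",
        "  [process where event.type == \"start\"]",
        "  [network where event.type == \"connection\"]");

    /** Builds the request against an index pattern such as "logs-endpoint-*" (assumed name). */
    public static EqlSearchRequest buildRequest(String indexPattern) {
        // Query DSL pre-filter: the EQL engine only sees events that pass it.
        Query endpointOnly = Query.of(q -> q.term(t -> t.field("event.module").value("endpoint")));

        return EqlSearchRequest.of(b -> b
            .index(indexPattern)                           // required
            .allowNoIndices(true)                          // unmatched pattern is not an error
            .ignoreUnavailable(true)                       // skip closed or missing indices
            .expandWildcards(ExpandWildcard.Open)
            .query(SEQUENCE_QUERY)                         // required
            .filter(endpointOnly)
            .timestampField("@timestamp")                  // the default, stated explicitly
            .tiebreakerField("event.sequence")             // stable order for equal timestamps
            .eventCategoryField("event.category")          // "process" / "network" in the query
            .fetchSize(1000)                               // events examined per pass
            .fields(f -> f.field("process.command_line"))  // one fields() call per pattern
            .fields(f -> f.field("destination.ip"))
            .waitForCompletionTimeout(t -> t.time("30s"))  // go async if slower than this
            .keepAlive(t -> t.time("1m"))                  // how long an async result is retained
            .keepOnCompletion(false));                     // discard stored result once read
    }

    /** Runs the hunt; sequences are available via response.hits().sequences(). */
    public static EqlSearchResponse<ObjectNode> run(ElasticsearchClient client, String indexPattern)
            throws IOException {
        return client.eql().search(buildRequest(indexPattern), ObjectNode.class);
    }
}
```

Because `query` and `index` are the required fields, omitting either makes `build()` throw the NullPointerException documented above rather than sending a malformed request.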