Class EqlSearchRequest

java.lang.Object
  co.elastic.clients.elasticsearch._types.RequestBase
    co.elastic.clients.elasticsearch.eql.EqlSearchRequest

All Implemented Interfaces: JsonpSerializable

Returns results matching a query expressed in Event Query Language (EQL).
Nested Class Summary

Nested classes/interfaces inherited from class co.elastic.clients.elasticsearch._types.RequestBase:
  RequestBase.AbstractBuilder<BuilderT extends RequestBase.AbstractBuilder<BuilderT>>

Field Summary

  static final JsonpDeserializer<EqlSearchRequest> _DESERIALIZER
      Json deserializer for EqlSearchRequest
  static final SimpleEndpoint<EqlSearchRequest, ?> _ENDPOINT
      Endpoint "eql.search".
Method Summary

  final Boolean allowNoIndices()
      API name: allow_no_indices
  final Boolean caseSensitive()
      API name: case_sensitive
  static <TEvent> Endpoint<EqlSearchRequest, EqlSearchResponse<TEvent>, ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
      Create an "eql.search" endpoint.
  final String eventCategoryField()
      Field containing the event classification, such as process, file, or network.
  final List<ExpandWildcard> expandWildcards()
      API name: expand_wildcards
  final Number fetchSize()
      Maximum number of events to search at a time for sequence queries.
  final List<FieldAndFormat> fields()
      Array of wildcard (*) patterns.
  filter()
      Query, written in Query DSL, used to filter the events on which the EQL query runs.
  final Boolean
      If true, missing or closed indices are not included in the response.
  index()
      Required - The name of the index to scope the operation.
  final Time keepAlive()
      API name: keep_alive
  final Boolean keepOnCompletion()
      API name: keep_on_completion
  static EqlSearchRequest of(Function<EqlSearchRequest.Builder, ObjectBuilder<EqlSearchRequest>> fn)
  final String query()
      Required - EQL query you wish to run.
  final ResultPosition resultPosition()
      API name: result_position
  final Map<String, RuntimeField> runtimeMappings()
      API name: runtime_mappings
  void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
  protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
  protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)
  final Number size()
      For basic queries, the maximum number of matching events to return.
  final String tiebreakerField()
      Field used to sort hits with the same timestamp in ascending order.
  final String timestampField()
      Field containing event timestamp.
  final Time waitForCompletionTimeout()
      API name: wait_for_completion_timeout

Methods inherited from class co.elastic.clients.elasticsearch._types.RequestBase:
  toString
Field Details

  _DESERIALIZER
      static final JsonpDeserializer<EqlSearchRequest> _DESERIALIZER
      Json deserializer for EqlSearchRequest

  _ENDPOINT
      static final SimpleEndpoint<EqlSearchRequest, ?> _ENDPOINT
      Endpoint "eql.search".
Method Details

  of
      public static EqlSearchRequest of(Function<EqlSearchRequest.Builder, ObjectBuilder<EqlSearchRequest>> fn)

  allowNoIndices
      final Boolean allowNoIndices()
      API name: allow_no_indices

  caseSensitive
      final Boolean caseSensitive()
      API name: case_sensitive

  eventCategoryField
      final String eventCategoryField()
      Field containing the event classification, such as process, file, or network.
      API name: event_category_field

  expandWildcards
      final List<ExpandWildcard> expandWildcards()
      API name: expand_wildcards

  fetchSize
      final Number fetchSize()
      Maximum number of events to search at a time for sequence queries.
      API name: fetch_size

  fields
      final List<FieldAndFormat> fields()
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
      API name: fields

  filter
      Query, written in Query DSL, used to filter the events on which the EQL query runs.
      API name: filter

  index
      Required - The name of the index to scope the operation.
      API name: index

  keepAlive
      final Time keepAlive()
      API name: keep_alive

  keepOnCompletion
      final Boolean keepOnCompletion()
      API name: keep_on_completion

  query
      final String query()
      Required - EQL query you wish to run.
      API name: query

  resultPosition
      final ResultPosition resultPosition()
      API name: result_position

  runtimeMappings
      final Map<String, RuntimeField> runtimeMappings()
      API name: runtime_mappings

  size
      final Number size()
      For basic queries, the maximum number of matching events to return. Defaults to 10.
      API name: size

  tiebreakerField
      final String tiebreakerField()
      Field used to sort hits with the same timestamp in ascending order.
      API name: tiebreaker_field

  timestampField
      final String timestampField()
      Field containing event timestamp. Default "@timestamp".
      API name: timestamp_field

  waitForCompletionTimeout
      final Time waitForCompletionTimeout()
      API name: wait_for_completion_timeout

  serialize
      void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by: serialize in interface JsonpSerializable

  serializeInternal
      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

  setupEqlSearchRequestDeserializer
      protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)

  createSearchEndpoint
      public static <TEvent> Endpoint<EqlSearchRequest, EqlSearchResponse<TEvent>, ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
      Create an "eql.search" endpoint.
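The following is an added example, not part of this Javadoc or the Elasticsearch Java client itself: it builds an EqlSearchRequest with the builder counterparts of the getters documented above (index, query, event_category_field, timestamp_field, tiebreaker_field, filter, fields, fetch_size, size, result_position, allow_no_indices, expand_wildcards, keep_alive) for a sequence hunt, then reads the matched sequences from the response. It assumes an already configured ElasticsearchClient whose eql() namespace exposes search(request, Class), a Jackson-backed JsonpMapper so hits deserialize to ObjectNode, and constructed sample values for the index pattern, ECS field names and EQL text.

```java
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.ExpandWildcard;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import co.elastic.clients.elasticsearch.eql.HitsSequence;
import co.elastic.clients.elasticsearch.eql.ResultPosition;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;

public final class EqlSequenceHunt {

    // Builds the request via EqlSearchRequest.of(...) using the builder methods that
    // correspond to the getters above. Index pattern, field names and EQL text are
    // constructed sample values, not taken from the Javadoc.
    static EqlSearchRequest buildRequest() {
        return EqlSearchRequest.of(r -> r
            .index("logs-endpoint-*")                    // required: index to scope the search
            .query("sequence by host.id with maxspan=30s\n"
                 + "  [process where event.type == \"start\"]\n"
                 + "  [network where event.type == \"connection\"]")  // required: EQL text
            .eventCategoryField("event.category")        // event_category_field
            .timestampField("@timestamp")                // timestamp_field (same as the default)
            .tiebreakerField("event.sequence")           // tiebreaker_field: orders same-timestamp hits
            .filter(f -> f.term(t -> t.field("host.os.family").value("windows")))  // Query DSL pre-filter
            .fields(f -> f.field("process.executable"))  // only this field is returned per hit
            .fetchSize(500)                              // events fetched per round for sequence queries
            .size(20)                                    // maximum number of results returned
            .resultPosition(ResultPosition.Tail)         // newest matches when more than size exist
            .allowNoIndices(true)                        // allow_no_indices
            .expandWildcards(ExpandWildcard.Open)        // expand_wildcards
            .keepAlive(t -> t.time("1m"))                // keep_alive for the stored async result
        );
    }

    // Runs the request through the client's eql() namespace (assumed to be
    // ElasticsearchEqlClient.search(request, Class)) and prints each matched sequence.
    // Returns the number of sequences so callers can assert or alert on it.
    static int printSequences(ElasticsearchClient client) throws IOException {
        EqlSearchResponse<ObjectNode> resp = client.eql().search(buildRequest(), ObjectNode.class);
        int count = 0;
        for (HitsSequence<ObjectNode> seq : resp.hits().sequences()) {
            System.out.println("host.id join key: " + seq.joinKeys());
            seq.events().forEach(e -> System.out.println("  " + e.index() + " " + e.source()));
            count++;
        }
        return count;
    }
}
```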