Class EqlSearchRequest.Builder

All Implemented Interfaces:
WithJson<EqlSearchRequest.Builder>, ObjectBuilder<EqlSearchRequest>
Enclosing class:
EqlSearchRequest

public static class EqlSearchRequest.Builder extends RequestBase.AbstractBuilder<EqlSearchRequest.Builder> implements ObjectBuilder<EqlSearchRequest>
Builder for EqlSearchRequest.
  • Constructor Details

    • Builder

      public Builder()
  • Method Details

    • allowNoIndices

      public final EqlSearchRequest.Builder allowNoIndices(@Nullable Boolean value)
      Whether to ignore the case where a wildcard indices expression resolves into no concrete indices. (This includes the _all string, or when no indices have been specified.)

      API name: allow_no_indices

    • allowPartialSearchResults

      public final EqlSearchRequest.Builder allowPartialSearchResults(@Nullable Boolean value)
      Allow query execution even when some shards fail. If true, the query keeps running and returns results based on the available shards. For sequences, the behaviour can be further refined using allow_partial_sequence_results.

      API name: allow_partial_search_results

    • allowPartialSequenceResults

      public final EqlSearchRequest.Builder allowPartialSequenceResults(@Nullable Boolean value)
      This flag applies only to sequences and has effect only if allow_partial_search_results=true. If true, the sequence query returns results based on the available shards, ignoring the failed ones. If false, the sequence query still returns successfully, but always with empty results. Callers that run sequence detections should therefore never treat an empty result as proof that nothing matched without also checking the response's is_partial flag.

      API name: allow_partial_sequence_results

    • caseSensitive

      public final EqlSearchRequest.Builder caseSensitive(@Nullable Boolean value)
      API name: case_sensitive

    • ccsMinimizeRoundtrips

      public final EqlSearchRequest.Builder ccsMinimizeRoundtrips(@Nullable Boolean value)
      Indicates whether network round-trips should be minimized when executing cross-cluster search requests.

      API name: ccs_minimize_roundtrips

    • eventCategoryField

      public final EqlSearchRequest.Builder eventCategoryField(@Nullable String value)
      Field containing the event classification, such as process, file, or network.

      API name: event_category_field

    • expandWildcards

      public final EqlSearchRequest.Builder expandWildcards(List<ExpandWildcard> list)
      Whether to expand wildcard expression to concrete indices that are open, closed or both.

      API name: expand_wildcards

      Adds all elements of list to expandWildcards.

    • expandWildcards

      public final EqlSearchRequest.Builder expandWildcards(ExpandWildcard value, ExpandWildcard... values)
      Whether to expand wildcard expression to concrete indices that are open, closed or both.

      API name: expand_wildcards

      Adds one or more values to expandWildcards.

    • fetchSize

      public final EqlSearchRequest.Builder fetchSize(@Nullable Number value)
      Maximum number of events to search at a time for sequence queries.

      API name: fetch_size

    • fields

      public final EqlSearchRequest.Builder fields(List<FieldAndFormat> list)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds all elements of list to fields.

    • fields

      public final EqlSearchRequest.Builder fields(FieldAndFormat value, FieldAndFormat... values)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds one or more values to fields.

    • fields

      public final EqlSearchRequest.Builder fields(Function<FieldAndFormat.Builder,ObjectBuilder<FieldAndFormat>> fn)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds a value to fields using a builder lambda.

    • filter

      public final EqlSearchRequest.Builder filter(List<Query> list)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds all elements of list to filter.

    • filter

      public final EqlSearchRequest.Builder filter(Query value, Query... values)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds one or more values to filter.

    • filter

      public final EqlSearchRequest.Builder filter(QueryVariant value, QueryVariant... values)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds one or more values to filter.

    • filter

      public final EqlSearchRequest.Builder filter(Function<Query.Builder,ObjectBuilder<Query>> fn)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds a value to filter using a builder lambda.

    • ignoreUnavailable

      public final EqlSearchRequest.Builder ignoreUnavailable(@Nullable Boolean value)
      If true, missing or closed indices are not included in the response.

      API name: ignore_unavailable

    • index

      public final EqlSearchRequest.Builder index(List<String> list)
      Required - The name of the index to scope the operation. Accepts a comma-separated list of data streams, indices or aliases, including wildcard (*) patterns.

      API name: index

      Adds all elements of list to index.

    • index

      public final EqlSearchRequest.Builder index(String value, String... values)
      Required - The name of the index to scope the operation. Accepts a comma-separated list of data streams, indices or aliases, including wildcard (*) patterns.

      API name: index

      Adds one or more values to index.

    • keepAlive

      public final EqlSearchRequest.Builder keepAlive(@Nullable Time value)
      Period for which the search and its results are stored on the cluster. Defaults to 5d (five days). Only meaningful for searches that are stored, i.e. searches still running when wait_for_completion_timeout elapses, or searches submitted with keep_on_completion=true.

      API name: keep_alive

    • keepAlive

      public final EqlSearchRequest.Builder keepAlive(Function<Time.Builder,ObjectBuilder<Time>> fn)
      Period for which the search and its results are stored on the cluster, supplied via a Time builder lambda.

      API name: keep_alive

    • keepOnCompletion

      public final EqlSearchRequest.Builder keepOnCompletion(@Nullable Boolean value)
      If true, the search and its results are stored on the cluster for the keep_alive period, even if the search completes within wait_for_completion_timeout. If false (the default), the search is stored only when it is still running once wait_for_completion_timeout elapses.

      API name: keep_on_completion

    • maxSamplesPerKey

      public final EqlSearchRequest.Builder maxSamplesPerKey(@Nullable Integer value)
      By default, the response of a sample query contains up to 10 samples, with one sample per unique set of join keys. Use the size parameter to get a smaller or larger set of samples. To retrieve more than one sample per set of join keys, use the max_samples_per_key parameter. Pipes are not supported for sample queries.

      API name: max_samples_per_key

    • query

      public final EqlSearchRequest.Builder query(String value)
      Required - EQL query you wish to run.

      API name: query
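
      A complete request built with this builder and run through the client's EQL namespace, as an added example (not code from the Elasticsearch Java client or its documentation). The index pattern, the ECS field names, the sequence query text and the tiebreaker field are assumptions chosen for illustration. It also shows the two things a practitioner most needs to get right with this API: values that come from users or other untrusted input belong in the structured filter (Query DSL), never concatenated into the EQL query string, and a partial or timed-out response must not be read as "no match".

```java
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.ExpandWildcard;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import co.elastic.clients.elasticsearch.eql.HitsEvent;
import co.elastic.clients.elasticsearch.eql.HitsSequence;
import co.elastic.clients.json.jackson.JacksonJsonpMapper;
import co.elastic.clients.transport.ElasticsearchTransport;
import co.elastic.clients.transport.rest_client.RestClientTransport;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.http.HttpHost;
import org.elasticsearch.client.RestClient;

import java.io.IOException;
import java.util.List;

// Added example, not part of the elasticsearch-java project: build and run an
// EQL sequence search. Index pattern, ECS field names, query text and the
// tiebreaker field are assumptions for illustration.
public final class EqlSequenceHunt {

    // The EQL text is a constant. Anything user-controlled (the host name
    // below) goes into a structured Query DSL filter, never into this string:
    // concatenating untrusted input into EQL is query injection.
    private static final String LOLBIN_THEN_EGRESS = """
        sequence by host.id, process.entity_id with maxspan=30s
          [process where event.type == "start"
             and process.name in~ ("powershell.exe", "mshta.exe", "rundll32.exe")]
          [network where event.type == "connection_attempted"
             and not cidrmatch(destination.ip, "10.0.0.0/8", "192.168.0.0/16")]
        """;

    public static EqlSearchRequest buildRequest(String untrustedHostName) {
        return EqlSearchRequest.of(r -> r
            .index("logs-endpoint.events.*")            // assumed index pattern
            .expandWildcards(ExpandWildcard.Open)
            .ignoreUnavailable(true)
            .query(LOLBIN_THEN_EGRESS)
            // The filter value is serialised as JSON by the client; it is never
            // parsed as EQL, so a hostile host name cannot change the query.
            .filter(f -> f.term(t -> t.field("host.name").value(untrustedHostName)))
            .timestampField("@timestamp")
            .eventCategoryField("event.category")
            .tiebreakerField("event.sequence")         // assumed monotonic per host
            .fetchSize(1000)
            .size(100)
            // Fail closed: a shard failure raises an error instead of silently
            // producing an empty sequence result.
            .allowPartialSearchResults(false));
    }

    /** Runs the search and returns matched sequences; refuses incomplete results. */
    public static List<HitsSequence<ObjectNode>> run(ElasticsearchClient client,
                                                     EqlSearchRequest request) throws IOException {
        EqlSearchResponse<ObjectNode> response = client.eql().search(request, ObjectNode.class);
        // Belt and braces: even with allow_partial_search_results=false, a
        // timed-out or partial response must not be read as "nothing matched".
        if (Boolean.TRUE.equals(response.timedOut()) || Boolean.TRUE.equals(response.isPartial())) {
            throw new IllegalStateException("EQL search incomplete; result is not a clean bill of health");
        }
        return response.hits().sequences();
    }

    public static void main(String[] args) throws IOException {
        // Assumed local cluster without TLS for brevity; production clients use
        // HTTPS and an API key or other credentials.
        RestClient rest = RestClient.builder(new HttpHost("localhost", 9200)).build();
        ElasticsearchTransport transport = new RestClientTransport(rest, new JacksonJsonpMapper());
        ElasticsearchClient client = new ElasticsearchClient(transport);
        try {
            for (HitsSequence<ObjectNode> seq : run(client, buildRequest(args[0]))) {
                System.out.println("join keys " + seq.joinKeys());
                for (HitsEvent<ObjectNode> event : seq.events()) {
                    System.out.println("  " + event.index() + "/" + event.id() + " " + event.source());
                }
            }
        } finally {
            transport.close();
        }
    }
}
```

      Setting allowPartialSearchResults(false) makes the request fail loudly on shard failures; if a deployment needs allowPartialSearchResults(true) for resilience, keep allowPartialSequenceResults at its default and treat is_partial=true as "detection coverage incomplete", not as a negative result.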

    • resultPosition

      public final EqlSearchRequest.Builder resultPosition(@Nullable ResultPosition value)
      Which matching events or sequences to return when more match than size allows: tail (the default) returns the most recent matches, head the earliest.

      API name: result_position

    • runtimeMappings

      public final EqlSearchRequest.Builder runtimeMappings(Map<String,RuntimeField> map)
      Defines one or more runtime fields in the search request. These fields take precedence over mapped fields with the same name.

      API name: runtime_mappings

      Adds all entries of map to runtimeMappings.

    • runtimeMappings

      public final EqlSearchRequest.Builder runtimeMappings(String key, RuntimeField value)
      Defines a runtime field in the search request; see runtimeMappings(Map) for the semantics.

      API name: runtime_mappings

      Adds an entry to runtimeMappings.

    • runtimeMappings

      public final EqlSearchRequest.Builder runtimeMappings(String key, Function<RuntimeField.Builder,ObjectBuilder<RuntimeField>> fn)
      Defines a runtime field in the search request; see runtimeMappings(Map) for the semantics.

      API name: runtime_mappings

      Adds an entry to runtimeMappings using a builder lambda.


    • size

      public final EqlSearchRequest.Builder size(@Nullable Number value)
      For basic queries, the maximum number of matching events to return. Defaults to 10.

      API name: size

    • tiebreakerField

      public final EqlSearchRequest.Builder tiebreakerField(@Nullable String value)
      Field used to sort hits with the same timestamp in ascending order.

      API name: tiebreaker_field

    • timestampField

      public final EqlSearchRequest.Builder timestampField(@Nullable String value)
      Field containing the event timestamp. Defaults to "@timestamp".

      API name: timestamp_field

    • waitForCompletionTimeout

      public final EqlSearchRequest.Builder waitForCompletionTimeout(@Nullable Time value)
      Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results. If the timeout elapses first, the response carries a search id and is_running=true, and the search continues asynchronously on the cluster.

      API name: wait_for_completion_timeout

    • waitForCompletionTimeout

      public final EqlSearchRequest.Builder waitForCompletionTimeout(Function<Time.Builder,ObjectBuilder<Time>> fn)
      Timeout duration to wait for the request to finish, supplied via a Time builder lambda.

      API name: wait_for_completion_timeout

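      The parameters wait_for_completion_timeout, keep_on_completion and keep_alive together form the asynchronous mode of the EQL search API. As an added example, not code from the Elasticsearch Java client or its documentation, the following submits a search that may outlive a single HTTP call, polls it by id through the client's eql().get(), and deletes the stored result once consumed. The index pattern and query text are assumptions for illustration.

```java
import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch.eql.EqlGetResponse;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import co.elastic.clients.elasticsearch.eql.EqlSearchResultBase;
import com.fasterxml.jackson.databind.node.ObjectNode;

import java.io.IOException;

// Added example, not part of the elasticsearch-java project: an EQL search
// over a large retention window, run asynchronously and polled by id.
// Index pattern and query text are assumptions for illustration.
public final class EqlAsyncHunt {

    public static EqlSearchRequest buildRequest() {
        return EqlSearchRequest.of(r -> r
            .index("logs-endpoint.events.*")
            .query("process where process.name : \"certutil.exe\" and process.command_line : \"*urlcache*\"")
            // Block for at most 2s; if the search is not done by then the
            // response carries an id and is_running=true instead of hits.
            .waitForCompletionTimeout(t -> t.time("2s"))
            // Keep the stored search even if it finished within 2s, so the
            // result can be fetched again by id (e.g. by a separate worker).
            .keepOnCompletion(true)
            // Bound its lifetime: stored results cost heap and stay readable
            // by id until they expire or are deleted.
            .keepAlive(t -> t.time("1h"))
            .size(500));
    }

    /** Submits the search, polls until it completes, and returns the final result. */
    public static EqlSearchResultBase<ObjectNode> runToCompletion(ElasticsearchClient client,
                                                                  EqlSearchRequest request) throws IOException {
        EqlSearchResponse<ObjectNode> first = client.eql().search(request, ObjectNode.class);
        String id = first.id();   // set because keep_on_completion=true
        if (id == null) {
            return first;         // nothing was stored; only the inline result exists
        }
        try {
            EqlSearchResultBase<ObjectNode> current = first;
            while (Boolean.TRUE.equals(current.isRunning())) {
                // Each poll blocks up to 5s server-side rather than busy-looping.
                EqlGetResponse<ObjectNode> got = client.eql().get(
                    g -> g.id(id).waitForCompletionTimeout(t -> t.time("5s")),
                    ObjectNode.class);
                current = got;
            }
            if (Boolean.TRUE.equals(current.isPartial())) {
                throw new IllegalStateException("stored EQL search " + id + " returned partial results");
            }
            return current;
        } finally {
            // Do not leave results on the cluster after they have been consumed.
            client.eql().delete(d -> d.id(id));
        }
    }
}
```

      The delete in the finally block matters in practice: keep_alive only caps how long a stored search survives, and a detection job that submits many async searches without deleting them accumulates stored results on the cluster until each one expires.
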
    • self

      protected EqlSearchRequest.Builder self()
      Specified by:
      self in class RequestBase.AbstractBuilder<EqlSearchRequest.Builder>
    • build

      public EqlSearchRequest build()
      Specified by:
      build in interface ObjectBuilder<EqlSearchRequest>
      Throws:
      NullPointerException - if any of the required fields (index, query) is null.