search

package
v8.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 9, 2023 License: Apache-2.0 Imports: 14 Imported by: 5

Documentation

Overview

Returns results matching a query expressed in Event Query Language (EQL)

Index

Constants

This section is empty.

Variables

View Source 
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")

ErrBuildPath is returned in case of missing parameters within the build of the request.

Functions

This section is empty.

Types

type NewSearch 

type NewSearch func(index string) *Search

NewSearch type alias for index.

func NewSearchFunc 

func NewSearchFunc(tp elastictransport.Interface) NewSearch

NewSearchFunc returns a new instance of Search with the provided transport. Used in the index of the library this allows to retrieve every apis in once place.

type Request 

type Request struct {
	CaseSensitive *bool `json:"case_sensitive,omitempty"`
	// EventCategoryField Field containing the event classification, such as process, file, or network.
	EventCategoryField *string `json:"event_category_field,omitempty"`
	// FetchSize Maximum number of events to search at a time for sequence queries.
	FetchSize *uint `json:"fetch_size,omitempty"`
	// Fields Array of wildcard (*) patterns. The response returns values for field names
	// matching these patterns in the fields property of each hit.
	Fields []types.FieldAndFormat `json:"fields,omitempty"`
	// Filter Query, written in Query DSL, used to filter the events on which the EQL query
	// runs.
	Filter           []types.Query  `json:"filter,omitempty"`
	KeepAlive        types.Duration `json:"keep_alive,omitempty"`
	KeepOnCompletion *bool          `json:"keep_on_completion,omitempty"`
	// Query EQL query you wish to run.
	Query           string                         `json:"query"`
	ResultPosition  *resultposition.ResultPosition `json:"result_position,omitempty"`
	RuntimeMappings types.RuntimeFields            `json:"runtime_mappings,omitempty"`
	// Size For basic queries, the maximum number of matching events to return. Defaults
	// to 10
	Size *uint `json:"size,omitempty"`
	// TiebreakerField Field used to sort hits with the same timestamp in ascending order
	TiebreakerField *string `json:"tiebreaker_field,omitempty"`
	// TimestampField Field containing event timestamp. Default "@timestamp"
	TimestampField           *string        `json:"timestamp_field,omitempty"`
	WaitForCompletionTimeout types.Duration `json:"wait_for_completion_timeout,omitempty"`
}

Request holds the request body struct for the package search

https://github.com/elastic/elasticsearch-specification/blob/ac9c431ec04149d9048f2b8f9731e3c2f7f38754/specification/eql/search/EqlSearchRequest.ts#L28-L118

func NewRequest added in v8.5.0 

func NewRequest() *Request

NewRequest returns a Request

func (*Request) FromJSON added in v8.5.0 

func (r *Request) FromJSON(data string) (*Request, error)

FromJSON allows to load an arbitrary json into the request structure

type Response added in v8.7.0 

type Response struct {

	// Hits Contains matching events and sequences. Also contains related metadata.
	Hits types.EqlHits `json:"hits"`
	// Id Identifier for the search.
	Id *string `json:"id,omitempty"`
	// IsPartial If true, the response does not contain complete search results.
	IsPartial *bool `json:"is_partial,omitempty"`
	// IsRunning If true, the search request is still executing.
	IsRunning *bool `json:"is_running,omitempty"`
	// TimedOut If true, the request timed out before completion.
	TimedOut *bool `json:"timed_out,omitempty"`
	// Took Milliseconds it took Elasticsearch to execute the request.
	Took *int64 `json:"took,omitempty"`
}

func NewResponse added in v8.7.0 

func NewResponse() *Response

NewResponse returns a Response 

type Search struct {
	// contains filtered or unexported fields
}

func New 

func New(tp elastictransport.Interface) *Search

Returns results matching a query expressed in Event Query Language (EQL)

https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-search-api.html

func (*Search) AllowNoIndices 

func (r *Search) AllowNoIndices(allownoindices bool) *Search

API name: allow_no_indices

func (*Search) CaseSensitive added in v8.9.0 

func (r *Search) CaseSensitive(casesensitive bool) *Search

API name: case_sensitive

func (Search) Do 

func (r Search) Do(ctx context.Context) (*Response, error)

Do runs the request through the transport, handle the response and returns a search.Response

func (*Search) EventCategoryField added in v8.9.0 

func (r *Search) EventCategoryField(field string) *Search

EventCategoryField Field containing the event classification, such as process, file, or network. API name: event_category_field

func (*Search) ExpandWildcards 

func (r *Search) ExpandWildcards(expandwildcards ...expandwildcard.ExpandWildcard) *Search

API name: expand_wildcards

func (*Search) FetchSize added in v8.9.0 

func (r *Search) FetchSize(fetchsize uint) *Search

FetchSize Maximum number of events to search at a time for sequence queries. API name: fetch_size

func (*Search) Fields added in v8.9.0 

func (r *Search) Fields(fields ...types.FieldAndFormat) *Search

Fields Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit. API name: fields

func (*Search) Filter added in v8.9.0 

func (r *Search) Filter(filters ...types.Query) *Search

Filter Query, written in Query DSL, used to filter the events on which the EQL query runs. API name: filter

func (*Search) Header 

func (r *Search) Header(key, value string) *Search

Header set a key, value pair in the Search headers map.

func (*Search) HttpRequest 

func (r *Search) HttpRequest(ctx context.Context) (*http.Request, error)

HttpRequest returns the http.Request object built from the given parameters.

func (*Search) IgnoreUnavailable 

func (r *Search) IgnoreUnavailable(ignoreunavailable bool) *Search

IgnoreUnavailable If true, missing or closed indices are not included in the response. API name: ignore_unavailable

func (*Search) KeepAlive 

func (r *Search) KeepAlive(duration types.Duration) *Search

API name: keep_alive

func (*Search) KeepOnCompletion 

func (r *Search) KeepOnCompletion(keeponcompletion bool) *Search

API name: keep_on_completion

func (Search) Perform added in v8.7.0 

func (r Search) Perform(ctx context.Context) (*http.Response, error)

Perform runs the http.Request through the provided transport and returns an http.Response.

func (*Search) Query added in v8.9.0 

func (r *Search) Query(query string) *Search

Query EQL query you wish to run. API name: query

func (*Search) Raw 

func (r *Search) Raw(raw io.Reader) *Search

Raw takes a json payload as input which is then passed to the http.Request If specified Raw takes precedence on Request method.

func (*Search) Request 

func (r *Search) Request(req *Request) *Search

Request allows to set the request property with the appropriate payload.

func (*Search) ResultPosition added in v8.9.0 

func (r *Search) ResultPosition(resultposition resultposition.ResultPosition) *Search

API name: result_position

func (*Search) RuntimeMappings added in v8.9.0 

func (r *Search) RuntimeMappings(runtimefields types.RuntimeFields) *Search

API name: runtime_mappings

func (*Search) Size added in v8.9.0 

func (r *Search) Size(size uint) *Search

Size For basic queries, the maximum number of matching events to return. Defaults to 10 API name: size

func (*Search) TiebreakerField added in v8.9.0 

func (r *Search) TiebreakerField(field string) *Search

TiebreakerField Field used to sort hits with the same timestamp in ascending order API name: tiebreaker_field

func (*Search) TimestampField added in v8.9.0 

func (r *Search) TimestampField(field string) *Search

TimestampField Field containing event timestamp. Default "@timestamp" API name: timestamp_field

func (*Search) WaitForCompletionTimeout 

func (r *Search) WaitForCompletionTimeout(duration types.Duration) *Search

API name: wait_for_completion_timeout

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.