search

package
v8.16.0 Latest
Published: Nov 14, 2024 License: Apache-2.0 Imports: 14 Imported by: 5

Documentation

Overview

Returns results matching a query expressed in Event Query Language (EQL)

Index

Constants

This section is empty.

Variables

var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")

ErrBuildPath is returned in case of missing parameters within the build of the request.

Functions

This section is empty.

Types

type NewSearch

type NewSearch func(index string) *Search

NewSearch is the constructor type that returns a Search for the given index.

func NewSearchFunc

func NewSearchFunc(tp elastictransport.Interface) NewSearch

NewSearchFunc returns a new instance of Search with the provided transport. Used in the library's API index, this allows every API to be retrieved in one place.

type Request

type Request struct {
	CaseSensitive *bool `json:"case_sensitive,omitempty"`
	// EventCategoryField Field containing the event classification, such as process, file, or network.
	EventCategoryField *string `json:"event_category_field,omitempty"`
	// FetchSize Maximum number of events to search at a time for sequence queries.
	FetchSize *uint `json:"fetch_size,omitempty"`
	// Fields Array of wildcard (*) patterns. The response returns values for field names
	// matching these patterns in the fields property of each hit.
	Fields []types.FieldAndFormat `json:"fields,omitempty"`
	// Filter Query, written in Query DSL, used to filter the events on which the EQL query
	// runs.
	Filter           []types.Query  `json:"filter,omitempty"`
	KeepAlive        types.Duration `json:"keep_alive,omitempty"`
	KeepOnCompletion *bool          `json:"keep_on_completion,omitempty"`
	// Query EQL query you wish to run.
	Query           string                         `json:"query"`
	ResultPosition  *resultposition.ResultPosition `json:"result_position,omitempty"`
	RuntimeMappings types.RuntimeFields            `json:"runtime_mappings,omitempty"`
	// Size For basic queries, the maximum number of matching events to return. Defaults
	// to 10
	Size *uint `json:"size,omitempty"`
	// TiebreakerField Field used to sort hits with the same timestamp in ascending order
	TiebreakerField *string `json:"tiebreaker_field,omitempty"`
	// TimestampField Field containing event timestamp. Default "@timestamp"
	TimestampField           *string        `json:"timestamp_field,omitempty"`
	WaitForCompletionTimeout types.Duration `json:"wait_for_completion_timeout,omitempty"`
}

Request holds the request body struct for the package search

https://github.com/elastic/elasticsearch-specification/blob/4fcf747dfafc951e1dcf3077327e3dcee9107db3/specification/eql/search/EqlSearchRequest.ts#L28-L118

func NewRequest added in v8.5.0

func NewRequest() *Request

NewRequest returns a Request

func (*Request) FromJSON added in v8.5.0

func (r *Request) FromJSON(data string) (*Request, error)

FromJSON loads an arbitrary JSON document into the request structure.

func (*Request) UnmarshalJSON added in v8.12.1

func (s *Request) UnmarshalJSON(data []byte) error

type Response added in v8.7.0

type Response struct {

	// Hits Contains matching events and sequences. Also contains related metadata.
	Hits types.EqlHits `json:"hits"`
	// Id Identifier for the search.
	Id *string `json:"id,omitempty"`
	// IsPartial If true, the response does not contain complete search results.
	IsPartial *bool `json:"is_partial,omitempty"`
	// IsRunning If true, the search request is still executing.
	IsRunning *bool `json:"is_running,omitempty"`
	// TimedOut If true, the request timed out before completion.
	TimedOut *bool `json:"timed_out,omitempty"`
	// Took Milliseconds it took Elasticsearch to execute the request.
	Took *int64 `json:"took,omitempty"`
}

Response holds the response body struct for the package search

https://github.com/elastic/elasticsearch-specification/blob/4fcf747dfafc951e1dcf3077327e3dcee9107db3/specification/eql/search/EqlSearchResponse.ts#L22-L24

func NewResponse added in v8.7.0

func NewResponse() *Response

NewResponse returns a Response
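As an added example (not code from the go-elasticsearch package), the stand-alone Go program below mirrors the Request and Response bodies documented above to show two things a detection pipeline built on this API needs: a body that bounds the EQL query with a Query DSL range filter (the Filter field) and pins timestamp_field, and a check of is_running, timed_out and is_partial before a response is treated as a complete result set. The eqlRequest and eqlResponse types, BuildBody and ResultState are constructed here; the range bounds accept Elasticsearch date math such as now-15m.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Mirrors of the page's Request and Response bodies, reduced to the fields used
// here and constructed so the example runs without the go-elasticsearch module.
type eqlRequest struct {
	Query          string            `json:"query"`
	Filter         []json.RawMessage `json:"filter,omitempty"`
	TimestampField *string           `json:"timestamp_field,omitempty"`
}
type eqlResponse struct {
	IsPartial *bool `json:"is_partial,omitempty"`
	IsRunning *bool `json:"is_running,omitempty"`
	TimedOut  *bool `json:"timed_out,omitempty"`
}

// BuildBody scopes the EQL query to one time window with a Query DSL range
// filter (the page's Filter field) and pins the timestamp field explicitly.
func BuildBody(query, from, to string) ([]byte, error) {
	window := fmt.Sprintf(`{"range":{"@timestamp":{"gte":%q,"lt":%q}}}`, from, to)
	ts := "@timestamp"
	return json.Marshal(eqlRequest{
		Query:          query,
		Filter:         []json.RawMessage{json.RawMessage(window)},
		TimestampField: &ts,
	})
}

// ResultState classifies a response by its flags; anything but "complete" must not be read as "no match".
func ResultState(body []byte) (string, error) {
	var r eqlResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return "", err
	}
	set := func(b *bool) bool { return b != nil && *b }
	switch {
	case set(r.IsRunning):
		return "running", nil
	case set(r.TimedOut):
		return "timed_out", nil
	case set(r.IsPartial):
		return "partial", nil
	}
	return "complete", nil
}
```

A "running" state means the search was stored asynchronously (keep_on_completion) and must be polled by id; "timed_out" and "partial" results should be re-run or flagged rather than counted as a clean zero-hit window.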

type Search struct {
	// contains filtered or unexported fields
}

func New

Returns results matching a query expressed in Event Query Language (EQL)

https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-search-api.html

func (*Search) AllowNoIndices

func (r *Search) AllowNoIndices(allownoindices bool) *Search

API name: allow_no_indices

func (*Search) CaseSensitive added in v8.9.0

func (r *Search) CaseSensitive(casesensitive bool) *Search

API name: case_sensitive

func (Search) Do

func (r Search) Do(providedCtx context.Context) (*Response, error)

Do runs the request through the transport, handles the response and returns a search.Response.

func (*Search) ErrorTrace added in v8.14.0

func (r *Search) ErrorTrace(errortrace bool) *Search

ErrorTrace When set to `true` Elasticsearch will include the full stack trace of errors when they occur. API name: error_trace

func (*Search) EventCategoryField added in v8.9.0

func (r *Search) EventCategoryField(field string) *Search

EventCategoryField Field containing the event classification, such as process, file, or network. API name: event_category_field

func (*Search) ExpandWildcards

func (r *Search) ExpandWildcards(expandwildcards ...expandwildcard.ExpandWildcard) *Search

API name: expand_wildcards

func (*Search) FetchSize added in v8.9.0

func (r *Search) FetchSize(fetchsize uint) *Search

FetchSize Maximum number of events to search at a time for sequence queries. API name: fetch_size

func (*Search) Fields added in v8.9.0

func (r *Search) Fields(fields ...types.FieldAndFormat) *Search

Fields Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit. API name: fields

func (*Search) Filter added in v8.9.0

func (r *Search) Filter(filters ...types.Query) *Search

Filter Query, written in Query DSL, used to filter the events on which the EQL query runs. API name: filter

func (*Search) FilterPath added in v8.14.0

func (r *Search) FilterPath(filterpaths ...string) *Search

FilterPath Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch. API name: filter_path

func (*Search) Header

func (r *Search) Header(key, value string) *Search

Header set a key, value pair in the Search headers map.

func (*Search) HttpRequest

func (r *Search) HttpRequest(ctx context.Context) (*http.Request, error)

HttpRequest returns the http.Request object built from the given parameters.

func (*Search) Human added in v8.14.0

func (r *Search) Human(human bool) *Search

Human When set to `true` will return statistics in a format suitable for humans. For example `"exists_time": "1h"` for humans and `"exists_time_in_millis": 3600000` for computers. When disabled, the human-readable values will be omitted. This makes sense for responses being consumed only by machines. API name: human

func (*Search) IgnoreUnavailable

func (r *Search) IgnoreUnavailable(ignoreunavailable bool) *Search

IgnoreUnavailable If true, missing or closed indices are not included in the response. API name: ignore_unavailable

func (*Search) KeepAlive

func (r *Search) KeepAlive(duration types.Duration) *Search

API name: keep_alive

func (*Search) KeepOnCompletion

func (r *Search) KeepOnCompletion(keeponcompletion bool) *Search

API name: keep_on_completion

func (Search) Perform added in v8.7.0

func (r Search) Perform(providedCtx context.Context) (*http.Response, error)

Perform runs the http.Request through the provided transport and returns an http.Response.

func (*Search) Pretty added in v8.14.0

func (r *Search) Pretty(pretty bool) *Search

Pretty If set to `true` the returned JSON will be "pretty-formatted". Use this option only for debugging. API name: pretty

func (*Search) Query added in v8.9.0

func (r *Search) Query(query string) *Search

Query EQL query you wish to run. API name: query

func (*Search) Raw

func (r *Search) Raw(raw io.Reader) *Search

Raw takes a JSON payload as input, which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.

func (*Search) Request

func (r *Search) Request(req *Request) *Search

Request sets the request property with the appropriate payload.

func (*Search) ResultPosition added in v8.9.0

func (r *Search) ResultPosition(resultposition resultposition.ResultPosition) *Search

API name: result_position

func (*Search) RuntimeMappings added in v8.9.0

func (r *Search) RuntimeMappings(runtimefields types.RuntimeFields) *Search

API name: runtime_mappings

func (*Search) Size added in v8.9.0

func (r *Search) Size(size uint) *Search

Size For basic queries, the maximum number of matching events to return. Defaults to 10. API name: size

func (*Search) TiebreakerField added in v8.9.0

func (r *Search) TiebreakerField(field string) *Search

TiebreakerField Field used to sort hits with the same timestamp in ascending order. API name: tiebreaker_field

func (*Search) TimestampField added in v8.9.0

func (r *Search) TimestampField(field string) *Search

TimestampField Field containing the event timestamp. Default "@timestamp". API name: timestamp_field

func (*Search) WaitForCompletionTimeout

func (r *Search) WaitForCompletionTimeout(duration types.Duration) *Search

API name: wait_for_completion_timeout
