package search

v8.6.0
Published: Jan 11, 2023 License: Apache-2.0 Imports: 12 Imported by: 5

Documentation

Overview

Returns results matching a query expressed in Event Query Language (EQL)

Index

Constants

This section is empty.

Variables

var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")

ErrBuildPath is returned in case of missing parameters within the build of the request.

Functions

This section is empty.

Types

type NewSearch

type NewSearch func(index string) *Search

NewSearch is the function type that creates a Search scoped to the given index.

func NewSearchFunc

func NewSearchFunc(tp elastictransport.Interface) NewSearch

NewSearchFunc returns a new instance of Search with the provided transport. Used in the library's index, this allows every API to be retrieved in one place.

type Request

type Request struct {
	CaseSensitive *bool `json:"case_sensitive,omitempty"`
	// EventCategoryField Field containing the event classification, such as process, file, or network.
	EventCategoryField *string `json:"event_category_field,omitempty"`
	// FetchSize Maximum number of events to search at a time for sequence queries.
	FetchSize *uint `json:"fetch_size,omitempty"`
	// Fields Array of wildcard (*) patterns. The response returns values for field names
	// matching these patterns in the fields property of each hit.
	Fields []types.FieldAndFormat `json:"fields,omitempty"`
	// Filter Query, written in Query DSL, used to filter the events on which the EQL query
	// runs.
	Filter           []types.Query   `json:"filter,omitempty"`
	KeepAlive        *types.Duration `json:"keep_alive,omitempty"`
	KeepOnCompletion *bool           `json:"keep_on_completion,omitempty"`
	// Query EQL query you wish to run.
	Query           string                         `json:"query"`
	ResultPosition  *resultposition.ResultPosition `json:"result_position,omitempty"`
	RuntimeMappings map[string]types.RuntimeField  `json:"runtime_mappings,omitempty"`
	// Size For basic queries, the maximum number of matching events to return. Defaults
	// to 10
	Size *uint `json:"size,omitempty"`
	// TiebreakerField Field used to sort hits with the same timestamp in ascending order
	TiebreakerField *string `json:"tiebreaker_field,omitempty"`
	// TimestampField Field containing event timestamp. Default "@timestamp"
	TimestampField           *string         `json:"timestamp_field,omitempty"`
	WaitForCompletionTimeout *types.Duration `json:"wait_for_completion_timeout,omitempty"`
}

Request holds the request body struct for the package search

https://github.com/elastic/elasticsearch-specification/blob/7f49eec1f23a5ae155001c058b3196d85981d5c2/specification/eql/search/EqlSearchRequest.ts#L28-L115

func NewRequest added in v8.5.0

func NewRequest() *Request

NewRequest returns a Request

func (*Request) FromJSON added in v8.5.0

func (rb *Request) FromJSON(data string) (*Request, error)

FromJSON loads an arbitrary JSON document into the request structure.

type Search

type Search struct {
	// contains filtered or unexported fields
}

func New

Returns results matching a query expressed in Event Query Language (EQL)

https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-search-api.html

func (*Search) AllowNoIndices

func (r *Search) AllowNoIndices(b bool) *Search

API name: allow_no_indices

func (Search) Do

func (r Search) Do(ctx context.Context) (*http.Response, error)

Do runs the http.Request through the provided transport.

func (*Search) ExpandWildcards

func (r *Search) ExpandWildcards(value string) *Search

API name: expand_wildcards

func (*Search) Header

func (r *Search) Header(key, value string) *Search

Header set a key, value pair in the Search headers map.

func (*Search) HttpRequest

func (r *Search) HttpRequest(ctx context.Context) (*http.Request, error)

HttpRequest returns the http.Request object built from the given parameters.

func (*Search) IgnoreUnavailable

func (r *Search) IgnoreUnavailable(b bool) *Search

IgnoreUnavailable If true, missing or closed indices are not included in the response. API name: ignore_unavailable

func (*Search) Index

func (r *Search) Index(v string) *Search

Index The name of the index to scope the operation. API Name: index

func (*Search) KeepAlive

func (r *Search) KeepAlive(value string) *Search

KeepAlive Period for which the search and its results are stored on the cluster. API name: keep_alive

func (*Search) KeepOnCompletion

func (r *Search) KeepOnCompletion(b bool) *Search

KeepOnCompletion If true, the search and its results are stored on the cluster. API name: keep_on_completion

func (*Search) Raw

func (r *Search) Raw(raw json.RawMessage) *Search

Raw takes a JSON payload as input, which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.

func (*Search) Request

func (r *Search) Request(req *Request) *Search

Request sets the request property with the appropriate payload.

func (*Search) WaitForCompletionTimeout

func (r *Search) WaitForCompletionTimeout(value string) *Search

WaitForCompletionTimeout Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results. API name: wait_for_completion_timeout
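The exchange that Request, Do and the body fields above describe, written out as an added example rather than code from this package: it POSTs the JSON body to /{index}/_eql/search, decodes the EQL answer into events and sequences, and refuses to treat a running, partial or timed-out answer as a clean "no match", which is the mistake a detection job built on keep_on_completion / wait_for_completion_timeout most easily makes. To run offline it keeps a local struct with the same JSON tags as the package's Request (only the fields it uses), a fake cluster built on net/http/httptest, and a constructed response; the index name logs-endpoint-*, the query, and the ECS-style field names are assumptions, not values from the page. With the real client, Search.Do returns the *http.Response that the decoding half of eqlSearch consumes.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// eqlRequest mirrors the JSON tags of this package's Request struct for the fields used here
// (assumption: a local copy so the example builds without importing go-elasticsearch).
type eqlRequest struct {
	Query           string  `json:"query"`
	Size            *uint   `json:"size,omitempty"`
	TiebreakerField *string `json:"tiebreaker_field,omitempty"`
}

// eqlEvent is one matched document; a sequence carries its "by" join keys and its events.
type eqlEvent struct {
	ID     string          `json:"_id"`
	Source json.RawMessage `json:"_source"`
}
type eqlSequence struct {
	JoinKeys []interface{} `json:"join_keys"`
	Events   []eqlEvent    `json:"events"`
}
type eqlResponse struct {
	ID        string `json:"id,omitempty"` // present only for async searches
	IsPartial bool   `json:"is_partial"`
	IsRunning bool   `json:"is_running"`
	TimedOut  bool   `json:"timed_out"`
	Hits      struct {
		Events    []eqlEvent    `json:"events"`
		Sequences []eqlSequence `json:"sequences"`
	} `json:"hits"`
}

// eqlSearch drives the exchange Search.Do performs (POST /{index}/_eql/search) and decodes the
// answer; running, partial or timed-out answers become errors, never a silent "no match".
func eqlSearch(ctx context.Context, client *http.Client, baseURL, index string, req eqlRequest) (*eqlResponse, error) {
	body, err := json.Marshal(req)
	if err != nil {
		return nil, err
	}
	endpoint := baseURL + "/" + url.PathEscape(index) + "/_eql/search"
	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	httpReq.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(httpReq)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("eql search: unexpected HTTP status %d", resp.StatusCode)
	}
	var out eqlResponse
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return nil, fmt.Errorf("eql search: decode: %w", err)
	}
	if out.IsRunning || out.IsPartial || out.TimedOut {
		return nil, fmt.Errorf("eql search: incomplete answer (running=%v partial=%v timed_out=%v async_id=%q)", out.IsRunning, out.IsPartial, out.TimedOut, out.ID)
	}
	return &out, nil
}

// detectionRequest is a constructed sequence query (process start followed by an outbound
// connection from the same process); the field names are assumed ECS-style, not from the page.
func detectionRequest() eqlRequest {
	size, tiebreaker := uint(100), "event.sequence"
	return eqlRequest{
		Query: `sequence by process.entity_id
  [process where event.type == "start"]
  [network where destination.ip != null]`,
		Size: &size, TiebreakerField: &tiebreaker,
	}
}

// sampleResponse is a constructed EQL answer holding one two-event sequence.
const sampleResponse = `{"is_partial":false,"is_running":false,"took":12,"timed_out":false,
 "hits":{"total":{"value":1,"relation":"eq"},"sequences":[{"join_keys":["proc-1"],"events":[
  {"_id":"a1","_source":{"event":{"category":"process"},"process":{"entity_id":"proc-1","name":"powershell.exe"}}},
  {"_id":"a2","_source":{"event":{"category":"network"},"process":{"entity_id":"proc-1"},"destination":{"ip":"203.0.113.7"}}}]}]}}`

// newFakeElasticsearch stands in for a cluster: it serves the EQL endpoint of the hypothetical
// index logs-endpoint-* and rejects any other path or method, or an empty query.
func newFakeElasticsearch() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var req eqlRequest
		if r.Method != http.MethodPost || r.URL.Path != "/logs-endpoint-*/_eql/search" ||
			json.NewDecoder(r.Body).Decode(&req) != nil || req.Query == "" {
			http.Error(w, `{"error":"bad EQL request"}`, http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, sampleResponse)
	}))
}
```

Usage: start the fake with `srv := newFakeElasticsearch()` and call `eqlSearch(context.Background(), srv.Client(), srv.URL, "logs-endpoint-*", detectionRequest())`; the returned response holds one sequence joined on process.entity_id "proc-1" with two events. A size of 100 bounds the number of sequences returned, and the tiebreaker field keeps the order deterministic when two events share a timestamp, which matters when the second event of a sequence is what a rule alerts on.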
