Documentation
Overview
Returns results matching a query expressed in Event Query Language (EQL)
Index
- Variables
- type NewSearch
- type Request
- type Response
- type Search
- func (r *Search) AllowNoIndices(b bool) *Search
- func (r Search) Do(ctx context.Context) (*Response, error)
- func (r *Search) ExpandWildcards(v string) *Search
- func (r *Search) Header(key, value string) *Search
- func (r *Search) HttpRequest(ctx context.Context) (*http.Request, error)
- func (r *Search) IgnoreUnavailable(b bool) *Search
- func (r *Search) Index(v string) *Search
- func (r *Search) KeepAlive(v string) *Search
- func (r *Search) KeepOnCompletion(b bool) *Search
- func (r Search) Perform(ctx context.Context) (*http.Response, error)
- func (r *Search) Raw(raw io.Reader) *Search
- func (r *Search) Request(req *Request) *Search
- func (r *Search) WaitForCompletionTimeout(v string) *Search
Constants
This section is empty.
Variables
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")
ErrBuildPath is returned in case of missing parameters within the build of the request.
Functions
This section is empty.
Types
type NewSearch
NewSearch is the type alias used in the library index.
func NewSearchFunc
func NewSearchFunc(tp elastictransport.Interface) NewSearch
NewSearchFunc returns a new instance of Search with the provided transport. Used in the library's index, this allows every API to be retrieved from one place.
type Request
type Request struct {
	CaseSensitive *bool `json:"case_sensitive,omitempty"`
	// EventCategoryField Field containing the event classification, such as process, file, or network.
	EventCategoryField *string `json:"event_category_field,omitempty"`
	// FetchSize Maximum number of events to search at a time for sequence queries.
	FetchSize *uint `json:"fetch_size,omitempty"`
	// Fields Array of wildcard (*) patterns. The response returns values for field names
	// matching these patterns in the fields property of each hit.
	Fields []types.FieldAndFormat `json:"fields,omitempty"`
	// Filter Query, written in Query DSL, used to filter the events on which the EQL query
	// runs.
	Filter []types.Query `json:"filter,omitempty"`
	// KeepAlive Period for which the search and its results are stored on the cluster.
	KeepAlive types.Duration `json:"keep_alive,omitempty"`
	// KeepOnCompletion If true, the search and its results are stored on the cluster.
	KeepOnCompletion *bool `json:"keep_on_completion,omitempty"`
	// Query EQL query you wish to run.
	Query string `json:"query"`
	// ResultPosition Whether to return the earliest (head) or the most recent (tail) matching events or sequences.
	ResultPosition *resultposition.ResultPosition `json:"result_position,omitempty"`
	// RuntimeMappings Runtime fields defined for this request only.
	RuntimeMappings map[string]types.RuntimeField `json:"runtime_mappings,omitempty"`
	// Size For basic queries, the maximum number of matching events to return. Defaults
	// to 10.
	Size *uint `json:"size,omitempty"`
	// TiebreakerField Field used to sort hits with the same timestamp in ascending order.
	TiebreakerField *string `json:"tiebreaker_field,omitempty"`
	// TimestampField Field containing the event timestamp. Default "@timestamp".
	TimestampField *string `json:"timestamp_field,omitempty"`
	// WaitForCompletionTimeout Timeout duration to wait for the request to finish. Defaults to no timeout.
	WaitForCompletionTimeout types.Duration `json:"wait_for_completion_timeout,omitempty"`
}
Request holds the request body struct for the package search.
type Response
type Response struct {
	// Hits Contains matching events and sequences. Also contains related metadata.
	Hits types.EqlHits `json:"hits"`
	// Id Identifier for the search.
	Id *string `json:"id,omitempty"`
	// IsPartial If true, the response does not contain complete search results.
	IsPartial *bool `json:"is_partial,omitempty"`
	// IsRunning If true, the search request is still executing.
	IsRunning *bool `json:"is_running,omitempty"`
	// TimedOut If true, the request timed out before completion.
	TimedOut *bool `json:"timed_out,omitempty"`
	// Took Milliseconds it took Elasticsearch to execute the request.
	Took *int64 `json:"took,omitempty"`
}
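The example below is added here and is not code from this page or from the go-elasticsearch client. It shows the two things a caller of this package has to get right: building the Request body with an untrusted value quoted as a proper EQL string literal, so the value cannot close the literal and change the query, and reading the Response flags (is_running, is_partial, timed_out) before treating Hits as a complete answer. To run offline it mirrors the two structs above locally with the same JSON tags (an assumption standing in for the package's own types), assumes EQL's backslash escape set for string literals (\\ \" \n \r \t), and uses constructed response bodies; the host.id and process.name fields, the one-minute maxspan and the value "example-async-id" are illustrative.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirrors of the page's search.Request and search.Response, limited to
// the fields used here and carrying the same JSON tags (assumption: they stand
// in for the typedapi/eql/search types so the example runs offline).
type eqlRequest struct {
	Query                    string `json:"query"`
	Size                     *uint  `json:"size,omitempty"`
	KeepOnCompletion         *bool  `json:"keep_on_completion,omitempty"`
	WaitForCompletionTimeout string `json:"wait_for_completion_timeout,omitempty"`
}

type eqlResponse struct {
	Id        *string `json:"id,omitempty"`
	IsPartial *bool   `json:"is_partial,omitempty"`
	IsRunning *bool   `json:"is_running,omitempty"`
	TimedOut  *bool   `json:"timed_out,omitempty"`
	Took      *int64  `json:"took,omitempty"`
}

// eqlString renders s as a double-quoted EQL string literal, escaping the
// backslash, the double quote and the control characters EQL writes with a
// backslash escape (assumed set: \\ \" \n \r \t). Interpolating an untrusted
// value without this lets it close the literal and rewrite the query.
func eqlString(s string) string {
	var b strings.Builder
	b.WriteByte('"')
	for _, r := range s {
		switch r {
		case '\\':
			b.WriteString(`\\`)
		case '"':
			b.WriteString(`\"`)
		case '\n':
			b.WriteString(`\n`)
		case '\r':
			b.WriteString(`\r`)
		case '\t':
			b.WriteString(`\t`)
		default:
			b.WriteRune(r)
		}
	}
	b.WriteByte('"')
	return b.String()
}

// buildSequenceRequest builds the JSON body for a two-event sequence on one
// host: the named process starts, then spawns a child within one minute.
// parent is treated as untrusted input and quoted with eqlString.
func buildSequenceRequest(parent string) ([]byte, error) {
	query := fmt.Sprintf(
		"sequence by host.id with maxspan=1m\n"+
			"  [process where process.name == %s]\n"+
			"  [process where process.parent.name == %s]",
		eqlString(parent), eqlString(parent))
	size := uint(100)
	keep := true // keep the async search so a caller can poll it by id
	req := eqlRequest{Query: query, Size: &size, KeepOnCompletion: &keep, WaitForCompletionTimeout: "2s"}
	return json.Marshal(req)
}

// checkResponse decodes a raw response body and reports whether its hits can
// be acted on. is_running, is_partial and timed_out each mean the result set
// is incomplete: a detection job must treat that as "unknown", never as "no
// match". The search id, when present, is returned so the caller can poll.
func checkResponse(raw []byte) (ok bool, reason string, id string, err error) {
	var resp eqlResponse
	if err = json.Unmarshal(raw, &resp); err != nil {
		return false, "undecodable response", "", err
	}
	if resp.Id != nil {
		id = *resp.Id
	}
	switch {
	case resp.IsRunning != nil && *resp.IsRunning:
		return false, "search still running", id, nil
	case resp.IsPartial != nil && *resp.IsPartial:
		return false, "partial results", id, nil
	case resp.TimedOut != nil && *resp.TimedOut:
		return false, "request timed out", id, nil
	}
	return true, "", id, nil
}

// Constructed sample bodies, not captured from a cluster.
const (
	pendingResponse  = `{"id":"example-async-id","is_partial":true,"is_running":true,"took":2001,"timed_out":false,"hits":{"total":{"value":0,"relation":"eq"},"events":[]}}`
	finishedResponse = `{"is_partial":false,"is_running":false,"took":37,"timed_out":false,"hits":{"total":{"value":1,"relation":"eq"},"sequences":[]}}`
)

func main() {
	body, err := buildSequenceRequest(`cmd.exe"] or [any where true`)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(body)) // the injected "] stays inside the literal
	for _, raw := range []string{pendingResponse, finishedResponse} {
		ok, reason, id, err := checkResponse([]byte(raw))
		fmt.Printf("ok=%v reason=%q id=%q err=%v\n", ok, reason, id, err)
	}
}
```

With the real client the marshalled body is what Request(req) followed by Do(ctx) sends for the Index you set, and the check is what the caller of Do should run on the returned Response before reading Hits; with KeepOnCompletion set, a false result with a non-empty id means the search should be polled rather than recorded as a miss.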
type Search
type Search struct {
	// contains filtered or unexported fields
}
func New
func New(tp elastictransport.Interface) *Search
Returns results matching a query expressed in Event Query Language (EQL)
https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-search-api.html
func (*Search) AllowNoIndices
AllowNoIndices If false, the request returns an error when a wildcard expression or _all targets only missing or closed indices. API name: allow_no_indices
func (Search) Do
Do runs the request through the transport, handles the response and returns a search.Response.
func (*Search) ExpandWildcards
ExpandWildcards Type of index that wildcard patterns can match. API name: expand_wildcards
func (*Search) HttpRequest
HttpRequest returns the http.Request object built from the given parameters.
func (*Search) IgnoreUnavailable
IgnoreUnavailable If true, missing or closed indices are not included in the response. API name: ignore_unavailable
func (*Search) KeepAlive
KeepAlive Period for which the search and its results are stored on the cluster. API name: keep_alive
func (*Search) KeepOnCompletion
KeepOnCompletion If true, the search and its results are stored on the cluster. API name: keep_on_completion
func (Search) Perform
Perform runs the http.Request through the provided transport and returns an http.Response.
func (*Search) Raw
Raw takes a JSON payload as input which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.
func (*Search) WaitForCompletionTimeout
WaitForCompletionTimeout Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results. API name: wait_for_completion_timeout