Class EqlSearchRequest
java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.eql.EqlSearchRequest
- All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class EqlSearchRequest extends RequestBase implements JsonpSerializable
Returns results matching a query expressed in Event Query Language (EQL)
- See Also:
- API specification
-
Nested Class Summary
Nested Classes
Modifier and Type Class Description
static class
EqlSearchRequest.Builder
Builder for EqlSearchRequest.
Nested classes/interfaces inherited from class co.elastic.clients.elasticsearch._types.RequestBase
RequestBase.AbstractBuilder<BuilderT extends RequestBase.AbstractBuilder<BuilderT>>
-
Field Summary
Fields
Modifier and Type Field Description
static JsonpDeserializer<EqlSearchRequest>
_DESERIALIZER
Json deserializer for EqlSearchRequest
static SimpleEndpoint<EqlSearchRequest,?>
_ENDPOINT
Endpoint "eql.search".
-
Method Summary
Modifier and Type Method Description

java.lang.Boolean
allowNoIndices()
API name: allow_no_indices

java.lang.Boolean
caseSensitive()
API name: case_sensitive

static <TEvent> Endpoint<EqlSearchRequest,EqlSearchResponse<TEvent>,ErrorResponse>
createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
Create an "eql.search" endpoint.

java.lang.String
eventCategoryField()
Field containing the event classification, such as process, file, or network.

java.util.List<ExpandWildcard>
expandWildcards()
API name: expand_wildcards

java.lang.Number
fetchSize()
Maximum number of events to search at a time for sequence queries.

FieldAndFormat
fields()
Array of wildcard (*) patterns.

java.util.List<Query>
filter()
Query, written in Query DSL, used to filter the events on which the EQL query runs.

java.lang.Boolean
ignoreUnavailable()
If true, missing or closed indices are not included in the response.

java.lang.String
index()
Required - The name of the index to scope the operation

Time
keepAlive()
API name: keep_alive

java.lang.Boolean
keepOnCompletion()
API name: keep_on_completion

static EqlSearchRequest
of(java.util.function.Function<EqlSearchRequest.Builder,ObjectBuilder<EqlSearchRequest>> fn)

java.lang.String
query()
Required - EQL query you wish to run.

ResultPosition
resultPosition()
API name: result_position

void
serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
Serialize this object to JSON.

protected void
serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

protected static void
setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)

java.lang.Number
size()
For basic queries, the maximum number of matching events to return.

java.lang.String
tiebreakerField()
Field used to sort hits with the same timestamp in ascending order

java.lang.String
timestampField()
Field containing event timestamp.

Time
waitForCompletionTimeout()
API name: wait_for_completion_timeout

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Field Details
-
_DESERIALIZER
Json deserializer for EqlSearchRequest
-
_ENDPOINT
Endpoint "eql.search".
-
-
Method Details
-
of
public static EqlSearchRequest of(java.util.function.Function<EqlSearchRequest.Builder,ObjectBuilder<EqlSearchRequest>> fn)
-
allowNoIndices
@Nullable public final java.lang.Boolean allowNoIndices()
API name: allow_no_indices
-
caseSensitive
@Nullable public final java.lang.Boolean caseSensitive()
API name: case_sensitive
-
eventCategoryField
@Nullable public final java.lang.String eventCategoryField()
Field containing the event classification, such as process, file, or network.
API name: event_category_field
-
expandWildcards
API name: expand_wildcards
-
fetchSize
@Nullable public final java.lang.Number fetchSize()
Maximum number of events to search at a time for sequence queries.
API name: fetch_size
-
fields
Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.
API name: fields
-
filter
Query, written in Query DSL, used to filter the events on which the EQL query runs.
API name: filter
-
index
public final java.lang.String index()
Required - The name of the index to scope the operation
API name: index
-
keepAlive
API name: keep_alive
-
keepOnCompletion
@Nullable public final java.lang.Boolean keepOnCompletion()
API name: keep_on_completion
-
query
public final java.lang.String query()
Required - EQL query you wish to run.
API name: query
-
resultPosition
API name: result_position
-
size
@Nullable public final java.lang.Number size()
For basic queries, the maximum number of matching events to return. Defaults to 10
API name: size
-
tiebreakerField
@Nullable public final java.lang.String tiebreakerField()
Field used to sort hits with the same timestamp in ascending order
API name: tiebreaker_field
-
timestampField
@Nullable public final java.lang.String timestampField()
Field containing event timestamp. Default "@timestamp"
API name: timestamp_field
-
waitForCompletionTimeout
API name: wait_for_completion_timeout
-
serialize
Serialize this object to JSON.
Specified by: serialize in interface JsonpSerializable
-
serializeInternal
-
setupEqlSearchRequestDeserializer
protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)
-
createSearchEndpoint
public static <TEvent> Endpoint<EqlSearchRequest,EqlSearchResponse<TEvent>,ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
Create an "eql.search" endpoint.
-