Class EqlSearchRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.eql.EqlSearchRequest
All Implemented Interfaces:
JsonpSerializable

@JsonpDeserializable public class EqlSearchRequest extends RequestBase implements JsonpSerializable
Returns results matching a query expressed in Event Query Language (EQL).
  • Method Details

    • of

    • allowNoIndices

      @Nullable public final Boolean allowNoIndices()
      API name: allow_no_indices

    • caseSensitive

      @Nullable public final Boolean caseSensitive()
      API name: case_sensitive

    • eventCategoryField

      @Nullable public final String eventCategoryField()
      Field containing the event classification, such as process, file, or network.

      API name: event_category_field

    • expandWildcards

      public final List<ExpandWildcard> expandWildcards()
      API name: expand_wildcards

    • fetchSize

      @Nullable public final Number fetchSize()
      Maximum number of events to search at a time for sequence queries.

      API name: fetch_size

    • fields

      @Nullable public final FieldAndFormat fields()
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

    • filter

      public final List<Query> filter()
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

    • ignoreUnavailable

      @Nullable public final Boolean ignoreUnavailable()
      If true, missing or closed indices are not included in the response.

      API name: ignore_unavailable

    • index

      public final String index()
      Required - The name of the index to scope the operation.

      API name: index

    • keepAlive

      @Nullable public final Time keepAlive()
      API name: keep_alive

    • keepOnCompletion

      @Nullable public final Boolean keepOnCompletion()
      API name: keep_on_completion

    • query

      public final String query()
      Required - EQL query you wish to run.

      API name: query

    • resultPosition

      @Nullable public final ResultPosition resultPosition()
      API name: result_position

    • size

      @Nullable public final Number size()
      For basic queries, the maximum number of matching events to return. Defaults to 10.

      API name: size

    • tiebreakerField

      @Nullable public final String tiebreakerField()
      Field used to sort hits with the same timestamp in ascending order.

      API name: tiebreaker_field

    • timestampField

      @Nullable public final String timestampField()
      Field containing the event timestamp. Defaults to "@timestamp".

      API name: timestamp_field

    • waitForCompletionTimeout

      @Nullable public final Time waitForCompletionTimeout()
      API name: wait_for_completion_timeout

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable
    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
    • setupEqlSearchRequestDeserializer

      protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)
    • createSearchEndpoint

      public static <TEvent> Endpoint<EqlSearchRequest,EqlSearchResponse<TEvent>,ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
      Create an "eql.search" endpoint.
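As an added example (not part of this Javadoc page and not code from the Elasticsearch Java client project), the following builds an EqlSearchRequest through its Builder using the accessors documented above, renders the request body with serialize(...) so it can be reviewed or logged before it is sent, and executes it through an ElasticsearchClient. The index pattern, the EQL query text, the term filter and the use of Map as the event type are constructed for illustration; the client instance is assumed to be configured elsewhere and is not shown.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.ExpandWildcard;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import co.elastic.clients.elasticsearch.eql.HitsEvent;
import co.elastic.clients.elasticsearch.eql.ResultPosition;
import co.elastic.clients.json.JsonpMapper;
import co.elastic.clients.json.jackson.JacksonJsonpMapper;
import jakarta.json.stream.JsonGenerator;

public class EqlSearchExample {

    /** Builds the request; each builder call mirrors an accessor documented on this page. */
    static EqlSearchRequest buildRequest() {
        return EqlSearchRequest.of(b -> b
            // Required: index pattern to scope the search (constructed for this example)
            .index("logs-endpoint.events.process-*")
            // Required: EQL query text (constructed); "process" is the event category
            .query("process where event.type == \"start\" and process.parent.name == \"winword.exe\"")
            // Field layout of the events being searched
            .timestampField("@timestamp")
            .eventCategoryField("event.category")
            .tiebreakerField("event.sequence")
            .caseSensitive(false)
            // Query DSL filter narrowing the events the EQL query runs on
            .filter(f -> f.term(t -> t.field("host.os.type").value("windows")))
            // Result limits: events returned for a basic query, events per batch for sequences
            .size(50)
            .fetchSize(1000)
            .resultPosition(ResultPosition.Tail)
            // Index-resolution behaviour for the wildcard pattern above
            .expandWildcards(ExpandWildcard.Open)
            .ignoreUnavailable(true)
            .allowNoIndices(true)
            // Async search settings
            .keepAlive(t -> t.time("5m"))
            .waitForCompletionTimeout(t -> t.time("30s"))
        );
    }

    /** Renders the request body as JSON via serialize(...) so it can be reviewed before sending. */
    static String toJson(EqlSearchRequest request) throws IOException {
        JsonpMapper mapper = new JacksonJsonpMapper();
        StringWriter writer = new StringWriter();
        try (JsonGenerator generator = mapper.jsonProvider().createGenerator(writer)) {
            request.serialize(generator, mapper);
        }
        return writer.toString();
    }

    /** Executes the search and returns the source of each matched event. */
    @SuppressWarnings({"unchecked", "rawtypes"})
    static List<Map<String, Object>> run(ElasticsearchClient client, EqlSearchRequest request)
            throws IOException {
        // Map is used as the event type here for simplicity; a typed event class works the same way
        EqlSearchResponse<Map> response = client.eql().search(request, Map.class);
        List<Map<String, Object>> sources = new ArrayList<>();
        for (HitsEvent<Map> event : response.hits().events()) {
            sources.add((Map<String, Object>) event.source());
        }
        return sources;
    }

    public static void main(String[] args) throws IOException {
        EqlSearchRequest request = buildRequest();
        System.out.println(toJson(request));
        // ElasticsearchClient client = ...;  // transport setup omitted (assumed configured elsewhere)
        // run(client, request).forEach(System.out::println);
    }
}
```

The serialized JSON contains only body fields; index and the index-resolution flags (allow_no_indices, expand_wildcards, ignore_unavailable) are sent as path and query parameters by the endpoint returned from createSearchEndpoint, so they will not appear in the output of toJson. Sequence queries return their matches under hits().sequences() rather than hits().events(), so a caller running a sequence query would read that list instead.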