Class EqlSearchRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.eql.EqlSearchRequest
All Implemented Interfaces:
JsonpSerializable

@JsonpDeserializable
public class EqlSearchRequest
extends RequestBase
implements JsonpSerializable
Returns results matching a query expressed in Event Query Language (EQL).
See Also:
API specification
  • Field Details

  • Method Details

    • of

      public static EqlSearchRequest of(java.util.function.Function<EqlSearchRequest.Builder, ObjectBuilder<EqlSearchRequest>> fn)
    • allowNoIndices

      @Nullable public final java.lang.Boolean allowNoIndices()
      API name: allow_no_indices
    • caseSensitive

      @Nullable public final java.lang.Boolean caseSensitive()
      API name: case_sensitive
    • eventCategoryField

      @Nullable public final java.lang.String eventCategoryField()
      Field containing the event classification, such as process, file, or network.

      API name: event_category_field

    • expandWildcards

      public final java.util.List<ExpandWildcard> expandWildcards()
      API name: expand_wildcards
    • fetchSize

      @Nullable public final java.lang.Number fetchSize()
      Maximum number of events to search at a time for sequence queries.

      API name: fetch_size

    • fields

      public final java.util.List<FieldAndFormat> fields()
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

    • filter

      public final java.util.List<Query> filter()
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

    • ignoreUnavailable

      @Nullable public final java.lang.Boolean ignoreUnavailable()
      If true, missing or closed indices are not included in the response.

      API name: ignore_unavailable

    • index

      public final java.util.List<java.lang.String> index()
      Required - The name of the index to scope the operation.

      API name: index

    • keepAlive

      @Nullable public final Time keepAlive()
      API name: keep_alive
    • keepOnCompletion

      @Nullable public final java.lang.Boolean keepOnCompletion()
      API name: keep_on_completion
    • query

      public final java.lang.String query()
      Required - EQL query you wish to run.

      API name: query

    • resultPosition

      @Nullable public final ResultPosition resultPosition()
      API name: result_position
    • runtimeMappings

      public final java.util.Map<java.lang.String, java.util.List<RuntimeField>> runtimeMappings()
      API name: runtime_mappings
    • size

      @Nullable public final java.lang.Number size()
      For basic queries, the maximum number of matching events to return. Defaults to 10.

      API name: size

    • tiebreakerField

      @Nullable public final java.lang.String tiebreakerField()
      Field used to sort hits with the same timestamp in ascending order.

      API name: tiebreaker_field

    • timestampField

      @Nullable public final java.lang.String timestampField()
      Field containing the event timestamp. Default "@timestamp".

      API name: timestamp_field

    • waitForCompletionTimeout

      @Nullable public final Time waitForCompletionTimeout()
      API name: wait_for_completion_timeout
    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable
    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
    • setupEqlSearchRequestDeserializer

      protected static void setupEqlSearchRequestDeserializer(ObjectDeserializer<EqlSearchRequest.Builder> op)
    • createSearchEndpoint

      public static <TEvent> Endpoint<EqlSearchRequest, EqlSearchResponse<TEvent>, ErrorResponse> createSearchEndpoint(JsonpDeserializer<TEvent> tEventDeserializer)
      Create an "eql.search" endpoint.
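The following is an added example, not code from this reference page or from the Elasticsearch Java client project, showing how the accessors listed above map onto the builder when a detection engineer runs an EQL sequence query through `ElasticsearchClient.eql().search(...)`. The index pattern, the EQL sequence, the `event.dataset` filter value and the category/timestamp/tiebreaker field names are assumptions chosen to look like ECS-style endpoint data; the `ElasticsearchClient` instance is assumed to be supplied by the caller, and reading hits as Jackson `ObjectNode` assumes the client was built with the Jackson `JsonpMapper`.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import co.elastic.clients.elasticsearch.ElasticsearchClient;
import co.elastic.clients.elasticsearch._types.Time;
import co.elastic.clients.elasticsearch.eql.EqlSearchRequest;
import co.elastic.clients.elasticsearch.eql.EqlSearchResponse;
import co.elastic.clients.elasticsearch.eql.HitsEvent;
import co.elastic.clients.elasticsearch.eql.HitsSequence;
import com.fasterxml.jackson.databind.node.ObjectNode;

public class EqlDetectionSearch {

    // Assumed detection content (hypothetical): a process start followed, within the
    // same process entity and 30 seconds, by an outbound connection attempt.
    static final String SEQUENCE_QUERY =
        "sequence by process.entity_id with maxspan=30s\n"
      + "  [process where event.type == \"start\"]\n"
      + "  [network where event.type == \"connection_attempted\"]";

    /** Builds the request; each builder call corresponds to an accessor documented above. */
    static EqlSearchRequest buildRequest(String indexPattern) {
        return EqlSearchRequest.of(r -> r
            // Required: index or index pattern that scopes the search (assumed name).
            .index(indexPattern)
            // Required: the EQL query to run.
            .query(SEQUENCE_QUERY)
            // Query DSL filter applied before EQL sees the events; the field/value pair is constructed.
            .filter(q -> q.term(t -> t.field("event.dataset").value("endpoint.events")))
            // Field names are assumptions; adjust them to the index mapping in use.
            .eventCategoryField("event.category")
            .timestampField("@timestamp")
            .tiebreakerField("event.sequence")
            // fetch_size bounds how many events each sequence stage scans at a time;
            // size bounds how many matching sequences come back.
            .fetchSize(500)
            .size(50)
            // Return only the fields the triage logic needs, via the fields property of each hit.
            .fields(f -> f.field("process.name"))
            .fields(f -> f.field("destination.ip"))
            // Async controls: block up to 5s for a result, then keep the search 1m for polling.
            .waitForCompletionTimeout(Time.of(t -> t.time("5s")))
            .keepAlive(Time.of(t -> t.time("1m")))
            .keepOnCompletion(false)
        );
    }

    /**
     * Runs the search and returns one summary line per matched sequence (or per event
     * for non-sequence queries). Partial or timed-out responses are surfaced rather than
     * silently treated as "no findings", which matters when the query backs an alert.
     */
    static List<String> run(ElasticsearchClient client, String indexPattern) throws IOException {
        EqlSearchResponse<ObjectNode> response =
            client.eql().search(buildRequest(indexPattern), ObjectNode.class);

        if (Boolean.TRUE.equals(response.timedOut()) || Boolean.TRUE.equals(response.isPartial())) {
            throw new IllegalStateException(
                "EQL search incomplete (timed_out/partial); do not treat as a clean result");
        }

        List<String> findings = new ArrayList<>();
        // Sequence queries populate hits.sequences; simple event queries populate hits.events.
        for (HitsSequence<ObjectNode> seq : response.hits().sequences()) {
            StringBuilder line = new StringBuilder("sequence join_keys=" + seq.joinKeys() + ":");
            for (HitsEvent<ObjectNode> ev : seq.events()) {
                line.append(' ').append(ev.index()).append('/').append(ev.id());
            }
            findings.add(line.toString());
        }
        for (HitsEvent<ObjectNode> ev : response.hits().events()) {
            findings.add("event " + ev.index() + "/" + ev.id() + " " + ev.source());
        }
        return findings;
    }
}
```

Call `run(client, "logs-endpoint.events.*-*")` (pattern assumed) from wherever the client is configured. If the same search is executed on a schedule, `keepOnCompletion(false)` avoids accumulating stored async searches on the cluster; set it to `true` only when a later call will retrieve the result by its id.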