Package co.elastic.clients.elasticsearch.eql

Class EqlSearchRequest.Builder

java.lang.Object
co.elastic.clients.util.ObjectBuilderBase
co.elastic.clients.util.WithJsonObjectBuilderBase<EqlSearchRequest.Builder>
co.elastic.clients.elasticsearch.eql.EqlSearchRequest.Builder
All Implemented Interfaces:
WithJson<EqlSearchRequest.Builder>, ObjectBuilder<EqlSearchRequest>
Enclosing class:
EqlSearchRequest
public static class EqlSearchRequest.Builder
extends WithJsonObjectBuilderBase<EqlSearchRequest.Builder>
implements ObjectBuilder<EqlSearchRequest>
Builder for EqlSearchRequest.

  • Constructor Details

    • Builder

      public Builder()

  • Method Details

    • allowNoIndices

      public final EqlSearchRequest.Builder allowNoIndices​(@Nullable java.lang.Boolean value)
      API name: allow_no_indices

    • caseSensitive

      public final EqlSearchRequest.Builder caseSensitive​(@Nullable java.lang.Boolean value)
      API name: case_sensitive

    • eventCategoryField

      public final EqlSearchRequest.Builder eventCategoryField​(@Nullable java.lang.String value)
      Field containing the event classification, such as process, file, or network.

      API name: event_category_field

    • expandWildcards

      public final EqlSearchRequest.Builder expandWildcards​(java.util.List<ExpandWildcard> list)
      API name: expand_wildcards

      Adds all elements of list to expandWildcards.

    • expandWildcards

      public final EqlSearchRequest.Builder expandWildcards​(ExpandWildcard value, ExpandWildcard... values)
      API name: expand_wildcards

      Adds one or more values to expandWildcards.

    • fetchSize

      public final EqlSearchRequest.Builder fetchSize​(@Nullable java.lang.Number value)
      Maximum number of events to search at a time for sequence queries.

      API name: fetch_size

    • fields

      public final EqlSearchRequest.Builder fields​(java.util.List<FieldAndFormat> list)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds all elements of list to fields.

    • fields

      public final EqlSearchRequest.Builder fields​(FieldAndFormat value, FieldAndFormat... values)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds one or more values to fields.

    • fields

      public final EqlSearchRequest.Builder fields​(java.util.function.Function<FieldAndFormat.Builder,​ObjectBuilder<FieldAndFormat>> fn)
      Array of wildcard (*) patterns. The response returns values for field names matching these patterns in the fields property of each hit.

      API name: fields

      Adds a value to fields using a builder lambda.

    • filter

      public final EqlSearchRequest.Builder filter​(java.util.List<Query> list)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds all elements of list to filter.

    • filter

      public final EqlSearchRequest.Builder filter​(Query value, Query... values)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds one or more values to filter.

    • filter

      public final EqlSearchRequest.Builder filter​(java.util.function.Function<Query.Builder,​ObjectBuilder<Query>> fn)
      Query, written in Query DSL, used to filter the events on which the EQL query runs.

      API name: filter

      Adds a value to filter using a builder lambda.

    • ignoreUnavailable

      public final EqlSearchRequest.Builder ignoreUnavailable​(@Nullable java.lang.Boolean value)
      If true, missing or closed indices are not included in the response.

      API name: ignore_unavailable

    • index

      public final EqlSearchRequest.Builder index​(java.util.List<java.lang.String> list)
      Required - The name of the index to scope the operation

      API name: index

      Adds all elements of list to index.

    • index

      public final EqlSearchRequest.Builder index​(java.lang.String value, java.lang.String... values)
      Required - The name of the index to scope the operation

      API name: index

      Adds one or more values to index.

    • keepAlive

      public final EqlSearchRequest.Builder keepAlive​(@Nullable Time value)
      API name: keep_alive

    • keepAlive

      public final EqlSearchRequest.Builder keepAlive​(java.util.function.Function<Time.Builder,​ObjectBuilder<Time>> fn)
      API name: keep_alive

    • keepOnCompletion

      public final EqlSearchRequest.Builder keepOnCompletion​(@Nullable java.lang.Boolean value)
      API name: keep_on_completion

    • query

      public final EqlSearchRequest.Builder query​(java.lang.String value)
      Required - EQL query you wish to run.

      API name: query

    • resultPosition

      public final EqlSearchRequest.Builder resultPosition​(@Nullable ResultPosition value)
      API name: result_position

    • runtimeMappings

      public final EqlSearchRequest.Builder runtimeMappings​(java.util.Map<java.lang.String,​java.util.List<RuntimeField>> map)
      API name: runtime_mappings

      Adds all entries of map to runtimeMappings.

    • runtimeMappings

      public final EqlSearchRequest.Builder runtimeMappings​(java.lang.String key, java.util.List<RuntimeField> value)
      API name: runtime_mappings

      Adds an entry to runtimeMappings.

    • size

      public final EqlSearchRequest.Builder size​(@Nullable java.lang.Number value)
      For basic queries, the maximum number of matching events to return. Defaults to 10

      API name: size

    • tiebreakerField

      public final EqlSearchRequest.Builder tiebreakerField​(@Nullable java.lang.String value)
      Field used to sort hits with the same timestamp in ascending order

      API name: tiebreaker_field

    • timestampField

      public final EqlSearchRequest.Builder timestampField​(@Nullable java.lang.String value)
      Field containing event timestamp. Default "@timestamp"

      API name: timestamp_field

    • waitForCompletionTimeout

      public final EqlSearchRequest.Builder waitForCompletionTimeout​(@Nullable Time value)
      API name: wait_for_completion_timeout

    • waitForCompletionTimeout

      public final EqlSearchRequest.Builder waitForCompletionTimeout​(java.util.function.Function<Time.Builder,​ObjectBuilder<Time>> fn)
      API name: wait_for_completion_timeout

    • self

      protected EqlSearchRequest.Builder self()
      Specified by:
      self in class WithJsonObjectBuilderBase<EqlSearchRequest.Builder>

    • build

      public EqlSearchRequest build()
      Builds a EqlSearchRequest.
      Specified by:
      build in interface ObjectBuilder<EqlSearchRequest>
      Throws:
      java.lang.NullPointerException - if some of the required fields are null.