Overview ¶
Returns results matching a query expressed in Event Query Language (EQL).
Index ¶
- Variables
- type NewSearch
- type Request
- type RequestBuilder
- func (rb *RequestBuilder) Build() *Request
- func (rb *RequestBuilder) CaseSensitive(casesensitive bool) *RequestBuilder
- func (rb *RequestBuilder) EventCategoryField(eventcategoryfield types.Field) *RequestBuilder
- func (rb *RequestBuilder) FetchSize(fetchsize uint) *RequestBuilder
- func (rb *RequestBuilder) Fields(arg []types.FieldAndFormat) *RequestBuilder
- func (rb *RequestBuilder) Filter(arg []types.QueryContainer) *RequestBuilder
- func (rb *RequestBuilder) FromJSON(data string) (*Request, error)
- func (rb *RequestBuilder) KeepAlive(keepalive *types.DurationBuilder) *RequestBuilder
- func (rb *RequestBuilder) KeepOnCompletion(keeponcompletion bool) *RequestBuilder
- func (rb *RequestBuilder) Query(query string) *RequestBuilder
- func (rb *RequestBuilder) ResultPosition(resultposition resultposition.ResultPosition) *RequestBuilder
- func (rb *RequestBuilder) RuntimeMappings(runtimemappings *types.RuntimeFieldsBuilder) *RequestBuilder
- func (rb *RequestBuilder) Size(size uint) *RequestBuilder
- func (rb *RequestBuilder) TiebreakerField(tiebreakerfield types.Field) *RequestBuilder
- func (rb *RequestBuilder) TimestampField(timestampfield types.Field) *RequestBuilder
- func (rb *RequestBuilder) WaitForCompletionTimeout(waitforcompletiontimeout *types.DurationBuilder) *RequestBuilder
- type Search
- func (r *Search) AllowNoIndices(b bool) *Search
- func (r Search) Do(ctx context.Context) (*http.Response, error)
- func (r *Search) ExpandWildcards(value string) *Search
- func (r *Search) Header(key, value string) *Search
- func (r *Search) HttpRequest(ctx context.Context) (*http.Request, error)
- func (r *Search) IgnoreUnavailable(b bool) *Search
- func (r *Search) Index(v string) *Search
- func (r *Search) KeepAlive(value string) *Search
- func (r *Search) KeepOnCompletion(b bool) *Search
- func (r *Search) Raw(raw json.RawMessage) *Search
- func (r *Search) Request(req *Request) *Search
- func (r *Search) WaitForCompletionTimeout(value string) *Search
Constants ¶
This section is empty.
Variables ¶
var ErrBuildPath = errors.New("cannot build path, check for missing path parameters")
ErrBuildPath is returned in case of missing parameters within the build of the request.
Functions ¶
This section is empty.
Types ¶
type NewSearch ¶
NewSearch is the type alias used by the library's API index.
func NewSearchFunc ¶
func NewSearchFunc(tp elastictransport.Interface) NewSearch
NewSearchFunc returns a new instance of Search with the provided transport. It is used in the library's API index so that every API can be retrieved in one place.
type Request ¶
// Request holds the request body for the EQL search. Every optional field is a
// pointer or slice tagged omitempty, so it is left out of the JSON body when unset;
// Query is the only field always serialized.
type Request struct {
	// CaseSensitive NOTE(review): not described on this page; presumably controls
	// case-sensitive matching of the EQL query — confirm against the API reference.
	CaseSensitive *bool `json:"case_sensitive,omitempty"`
	// EventCategoryField Field containing the event classification, such as process, file, or network.
	EventCategoryField *types.Field `json:"event_category_field,omitempty"`
	// FetchSize Maximum number of events to search at a time for sequence queries.
	FetchSize *uint `json:"fetch_size,omitempty"`
	// Fields Array of wildcard (*) patterns. The response returns values for field names
	// matching these patterns in the fields property of each hit.
	Fields []types.FieldAndFormat `json:"fields,omitempty"`
	// Filter Query, written in Query DSL, used to filter the events on which the EQL query
	// runs.
	Filter []types.QueryContainer `json:"filter,omitempty"`
	// KeepAlive NOTE(review): presumably the same semantics as the keep_alive query
	// parameter (period for which the search and its results are stored on the cluster) — confirm.
	KeepAlive *types.Duration `json:"keep_alive,omitempty"`
	// KeepOnCompletion NOTE(review): presumably the same semantics as the keep_on_completion
	// query parameter (if true, the search and its results are stored on the cluster) — confirm.
	KeepOnCompletion *bool `json:"keep_on_completion,omitempty"`
	// Query EQL query you wish to run. The only field without omitempty, so it is
	// always present in the serialized body.
	Query string `json:"query"`
	// ResultPosition not described on this page; see resultposition.ResultPosition.
	ResultPosition *resultposition.ResultPosition `json:"result_position,omitempty"`
	// RuntimeMappings not described on this page; see types.RuntimeFields.
	RuntimeMappings *types.RuntimeFields `json:"runtime_mappings,omitempty"`
	// Size For basic queries, the maximum number of matching events to return. Defaults
	// to 10
	Size *uint `json:"size,omitempty"`
	// TiebreakerField Field used to sort hits with the same timestamp in ascending order
	TiebreakerField *types.Field `json:"tiebreaker_field,omitempty"`
	// TimestampField Field containing event timestamp. Default "@timestamp"
	TimestampField *types.Field `json:"timestamp_field,omitempty"`
	// WaitForCompletionTimeout NOTE(review): presumably the same semantics as the
	// wait_for_completion_timeout query parameter (defaults to no timeout) — confirm.
	WaitForCompletionTimeout *types.Duration `json:"wait_for_completion_timeout,omitempty"`
}
Request holds the request body struct for the package search.
type RequestBuilder ¶
type RequestBuilder struct {
// contains filtered or unexported fields
}
RequestBuilder is the builder API for the search.Request.
func NewRequestBuilder ¶
func NewRequestBuilder() *RequestBuilder
NewRequestBuilder returns a RequestBuilder which can be chained and built to retrieve a Request.
func (*RequestBuilder) Build ¶
func (rb *RequestBuilder) Build() *Request
Build finalizes the chain and returns the Request struct.
func (*RequestBuilder) CaseSensitive ¶
func (rb *RequestBuilder) CaseSensitive(casesensitive bool) *RequestBuilder
func (*RequestBuilder) EventCategoryField ¶
func (rb *RequestBuilder) EventCategoryField(eventcategoryfield types.Field) *RequestBuilder
func (*RequestBuilder) FetchSize ¶
func (rb *RequestBuilder) FetchSize(fetchsize uint) *RequestBuilder
func (*RequestBuilder) Fields ¶
func (rb *RequestBuilder) Fields(arg []types.FieldAndFormat) *RequestBuilder
func (*RequestBuilder) Filter ¶
func (rb *RequestBuilder) Filter(arg []types.QueryContainer) *RequestBuilder
func (*RequestBuilder) FromJSON ¶
func (rb *RequestBuilder) FromJSON(data string) (*Request, error)
FromJSON loads an arbitrary JSON document into the request structure, returning an error when the document cannot be loaded.
func (*RequestBuilder) KeepAlive ¶
func (rb *RequestBuilder) KeepAlive(keepalive *types.DurationBuilder) *RequestBuilder
func (*RequestBuilder) KeepOnCompletion ¶
func (rb *RequestBuilder) KeepOnCompletion(keeponcompletion bool) *RequestBuilder
func (*RequestBuilder) Query ¶
func (rb *RequestBuilder) Query(query string) *RequestBuilder
func (*RequestBuilder) ResultPosition ¶
func (rb *RequestBuilder) ResultPosition(resultposition resultposition.ResultPosition) *RequestBuilder
func (*RequestBuilder) RuntimeMappings ¶
func (rb *RequestBuilder) RuntimeMappings(runtimemappings *types.RuntimeFieldsBuilder) *RequestBuilder
func (*RequestBuilder) Size ¶
func (rb *RequestBuilder) Size(size uint) *RequestBuilder
func (*RequestBuilder) TiebreakerField ¶
func (rb *RequestBuilder) TiebreakerField(tiebreakerfield types.Field) *RequestBuilder
func (*RequestBuilder) TimestampField ¶
func (rb *RequestBuilder) TimestampField(timestampfield types.Field) *RequestBuilder
func (*RequestBuilder) WaitForCompletionTimeout ¶
func (rb *RequestBuilder) WaitForCompletionTimeout(waitforcompletiontimeout *types.DurationBuilder) *RequestBuilder
type Search ¶
type Search struct {
// contains filtered or unexported fields
}
func New ¶
func New(tp elastictransport.Interface) *Search
Returns results matching a query expressed in Event Query Language (EQL).
https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-search-api.html
func (*Search) AllowNoIndices ¶
API name: allow_no_indices
func (*Search) ExpandWildcards ¶
API name: expand_wildcards
func (*Search) HttpRequest ¶
HttpRequest returns the http.Request object built from the given parameters.
func (*Search) IgnoreUnavailable ¶
IgnoreUnavailable If true, missing or closed indices are not included in the response. API name: ignore_unavailable
func (*Search) KeepAlive ¶
KeepAlive Period for which the search and its results are stored on the cluster. API name: keep_alive
func (*Search) KeepOnCompletion ¶
KeepOnCompletion If true, the search and its results are stored on the cluster. API name: keep_on_completion
func (*Search) Raw ¶
func (r *Search) Raw(raw json.RawMessage) *Search
Raw takes a JSON payload as input which is then passed to the http.Request. If specified, Raw takes precedence over the Request method.
func (*Search) WaitForCompletionTimeout ¶
WaitForCompletionTimeout Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results. API name: wait_for_completion_timeout