Module: Elasticsearch::API::Eql::Actions

Defined in:

lib/elasticsearch/api/actions/eql/get.rb,
lib/elasticsearch/api/actions/eql/delete.rb,
lib/elasticsearch/api/actions/eql/search.rb,
lib/elasticsearch/api/actions/eql/get_status.rb

Instance Method Summary

• #delete(arguments = {}) ⇒ Object

  Delete an async EQL search.

• #get(arguments = {}) ⇒ Object

  Get async EQL search results.

• #get_status(arguments = {}) ⇒ Object

  Get the async EQL status.

• #search(arguments = {}) ⇒ Object

  Get EQL search results.

Instance Method Details

#delete(arguments = {}) ⇒ Object

Delete an async EQL search. Delete an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :id (String) —

  Identifier for the search to delete. A search ID is provided in the EQL search API’s response for an async search. A search ID is also provided if the request’s ‘keep_on_completion` parameter is `true`. (Required)

• :error_trace (Boolean) —

  When set to ‘true` Elasticsearch will include the full stack trace of errors when they occur.

• :filter_path (String, Array<String>) —

  Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch.

• :human (Boolean) —

  When set to ‘true` will return statistics in a format suitable for humans. For example `“exists_time”: “1h”` for humans and `“exists_time_in_millis”: 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines.

• :pretty (Boolean) —

  If set to ‘true` the returned JSON will be “pretty-formatted”. Only use this option for debugging only.

• :headers (Hash) —

  Custom HTTP headers

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-eql-delete

# File 'lib/elasticsearch/api/actions/eql/delete.rb', line 47

def delete(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.delete' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_DELETE
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get(arguments = {}) ⇒ Object

Get async EQL search results. Get the current status and available results for an async EQL search or a stored synchronous EQL search.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :id (String) —

  Identifier for the search. (Required)

• :keep_alive (Time) —

  Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the search’s EQL search API request.

• :wait_for_completion_timeout (Time) —

  Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

• :error_trace (Boolean) —

  When set to ‘true` Elasticsearch will include the full stack trace of errors when they occur.

• :filter_path (String, Array<String>) —

  Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch.

• :human (Boolean) —

  When set to ‘true` will return statistics in a format suitable for humans. For example `“exists_time”: “1h”` for humans and `“exists_time_in_millis”: 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines.

• :pretty (Boolean) —

  If set to ‘true` the returned JSON will be “pretty-formatted”. Only use this option for debugging only.

• :headers (Hash) —

  Custom HTTP headers

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-eql-get

# File 'lib/elasticsearch/api/actions/eql/get.rb', line 48

def get(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get_status(arguments = {}) ⇒ Object

Get the async EQL status. Get the current status for an async EQL search or a stored synchronous EQL search without returning results.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :id (String) —

  Identifier for the search. (Required)

• :error_trace (Boolean) —

  When set to ‘true` Elasticsearch will include the full stack trace of errors when they occur.

• :filter_path (String, Array<String>) —

  Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch.

• :human (Boolean) —

  When set to ‘true` will return statistics in a format suitable for humans. For example `“exists_time”: “1h”` for humans and `“exists_time_in_millis”: 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines.

• :pretty (Boolean) —

  If set to ‘true` the returned JSON will be “pretty-formatted”. Only use this option for debugging only.

• :headers (Hash) —

  Custom HTTP headers

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-eql-get-status

# File 'lib/elasticsearch/api/actions/eql/get_status.rb', line 44

def get_status(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get_status' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/status/#{Utils.listify(_id)}"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#search(arguments = {}) ⇒ Object

Get EQL search results. Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event.

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :index (String, Array) —

  The name of the index to scope the operation (Required)

• :allow_no_indices (Boolean) —

  Whether to ignore if a wildcard indices expression resolves into no concrete indices. (This includes ‘_all` string or when no indices have been specified) Server default: true.

• :allow_partial_search_results (Boolean) —

  If true, returns partial results if there are shard failures. If false, returns an error with no partial results. Server default: true.

• :allow_partial_sequence_results (Boolean) —

  If true, sequence queries will return partial results in case of shard failures. If false, they will return no results at all. This flag has effect only if allow_partial_search_results is true.

• :expand_wildcards (String, Array<String>) —

  Whether to expand wildcard expression to concrete indices that are open, closed or both. Server default: open.

• :ccs_minimize_roundtrips (Boolean) —

  Indicates whether network round-trips should be minimized as part of cross-cluster search requests execution Server default: true.

• :ignore_unavailable (Boolean) —

  If true, missing or closed indices are not included in the response. Server default: true.

• :keep_alive (Time) —

  Period for which the search and its results are stored on the cluster. Server default: 5d.

• :keep_on_completion (Boolean) —

  If true, the search and its results are stored on the cluster.

• :wait_for_completion_timeout (Time) —

  Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

• :error_trace (Boolean) —

  When set to ‘true` Elasticsearch will include the full stack trace of errors when they occur.

• :filter_path (String, Array<String>) —

  Comma-separated list of filters in dot notation which reduce the response returned by Elasticsearch.

• :human (Boolean) —

  When set to ‘true` will return statistics in a format suitable for humans. For example `“exists_time”: “1h”` for humans and `“exists_time_in_millis”: 3600000` for computers. When disabled the human readable values will be omitted. This makes sense for responses being consumed only by machines.

• :pretty (Boolean) —

  If set to ‘true` the returned JSON will be “pretty-formatted”. Only use this option for debugging only.

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  request body

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-eql-search

# File 'lib/elasticsearch/api/actions/eql/search.rb', line 56

def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.search' }

  defined_params = [:index].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_POST
  path   = "#{Utils.listify(_index)}/_eql/search"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end