module Elasticsearch::API::Eql::Actions
Public Instance Methods
Source
# File lib/elasticsearch/api/actions/eql/delete.rb, line 36
def delete(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.delete' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_DELETE
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = {}

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

Delete an async EQL search.
Delete an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.
@option arguments [String] :id Identifier for the search to delete.
A search ID is provided in the EQL search API's response for an async search. A search ID is also provided if the request’s +keep_on_completion+ parameter is +true+. (*Required*)
@option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-eql-delete
Source
# File lib/elasticsearch/api/actions/eql/get.rb, line 37
def get(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end
Get async EQL search results.
Get the current status and available results for an async EQL search or a stored synchronous EQL search.
@option arguments [String] :id Identifier for the search. (Required)
@option arguments [Time] :keep_alive Period for which the search and its results are stored on the cluster.
Defaults to the keep_alive value set by the search’s EQL search API request.
@option arguments [Time] :wait_for_completion_timeout Timeout duration to wait for the request to finish.
Defaults to no timeout, meaning the request waits for complete search results.
@option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-eql-get
Source
# File lib/elasticsearch/api/actions/eql/get_status.rb, line 33
def get_status(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get_status' }

  defined_params = [:id].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/status/#{Utils.listify(_id)}"
  params = {}

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end
Get the async EQL status.
Get the current status for an async EQL search or a stored synchronous EQL search without returning results.
@option arguments [String] :id Identifier for the search. (Required)
@option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-eql-get-status
Source
# File lib/elasticsearch/api/actions/eql/search.rb, line 44
def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.search' }

  defined_params = [:index].each_with_object({}) do |variable, set_variables|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_POST
  path   = "#{Utils.listify(_index)}/_eql/search"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end
Get EQL search results.
Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event.
@option arguments [String, Array] :index The name of the index to scope the operation (Required)
@option arguments [Boolean] :allow_no_indices [TODO] Server default: true.
@option arguments [Boolean] :allow_partial_search_results If true, returns partial results if there are shard failures. If false, returns an error with no partial results. Server default: true.
@option arguments [Boolean] :allow_partial_sequence_results If true, sequence queries will return partial results in case of shard failures. If false, they will return no results at all.
This flag has effect only if allow_partial_search_results is true.
@option arguments [String, Array<String>] :expand_wildcards [TODO] Server default: open.
@option arguments [Boolean] :ignore_unavailable If true, missing or closed indices are not included in the response. Server default: true.
@option arguments [Time] :keep_alive Period for which the search and its results are stored on the cluster. Server default: 5d.
@option arguments [Boolean] :keep_on_completion If true, the search and its results are stored on the cluster.
@option arguments [Time] :wait_for_completion_timeout Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.
@option arguments [Hash] :headers Custom HTTP headers
@option arguments [Hash] :body request body
@see www.elastic.co/docs/api/doc/elasticsearch/v9/operation/operation-eql-search
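
The four methods above used together for one async search, as an added example that is not part of the elasticsearch-ruby source: start the search, poll its status, fetch the hits, and always delete the stored results. The helper name run_async_eql, the FakeEql stand-in, the timeout values and the Hash-style access to `id`, `is_running` and `hits` are assumptions.

```ruby
# Added example, not elasticsearch-ruby code. `client` is assumed to expose the
# `eql` namespace documented on this page; responses are read like Hashes.
def run_async_eql(client, index:, query:, poll_interval: 1, max_polls: 30)
  started = client.eql.search(
    index: index,
    wait_for_completion_timeout: '2s', # constructed value
    keep_alive: '10m',                 # constructed value
    body: { query: query }
  )
  id = started['id']
  return started['hits'] if id.nil? # completed in time and was not stored
  begin
    max_polls.times do
      status = client.eql.get_status(id: id)
      return client.eql.get(id: id)['hits'] unless status['is_running']
      sleep poll_interval
    end
    raise "EQL search #{id} still running after #{max_polls} polls"
  ensure
    # Stored results hold raw event data: delete them on success and on failure.
    client.eql.delete(id: id)
  end
end

# Constructed stand-in for the client so the example runs offline.
class FakeEql
  attr_reader :calls
  def initialize(polls_until_done)
    @remaining = polls_until_done
    @calls = []
  end
  def eql; self; end
  def search(_args)
    @calls << :search
    { 'id' => 'constructed-search-id', 'is_running' => true }
  end
  def get_status(id:)
    @calls << :get_status
    { 'id' => id, 'is_running' => (@remaining -= 1) > 0 }
  end
  def get(id:)
    @calls << :get
    { 'hits' => { 'events' => [{ '_id' => 'constructed-event' }] } }
  end
  def delete(id:)
    @calls << :delete
    { 'acknowledged' => true }
  end
end
```

With a real client, pass the Elasticsearch::Client instance in place of FakeEql; the `ensure` branch removes the stored search even when polling gives up.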