Module: Elasticsearch::API::Eql::Actions

Defined in:
lib/elasticsearch/api/actions/eql/get.rb,
lib/elasticsearch/api/actions/eql/delete.rb,
lib/elasticsearch/api/actions/eql/search.rb,
lib/elasticsearch/api/actions/eql/get_status.rb


Instance Method Details

#delete(arguments = {}) ⇒ Object

Delete an async EQL search. Delete an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search to delete. A search ID is provided in the EQL search API’s response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch/api/actions/eql/delete.rb', line 36

# Deletes an async EQL search (or a stored synchronous one) by sending a
# request with Elasticsearch::API::HTTP_DELETE to "_eql/search/<id>".
#
# @param arguments [Hash] request options
# @option arguments [String] :id identifier of the search to delete (required)
# @option arguments [Hash] :headers custom HTTP headers, forwarded as given
# @option arguments [String] :endpoint replaces the default endpoint label 'eql.delete'
# @return [Elasticsearch::API::Response] wrapper around the perform_request result
# @raise [ArgumentError] when arguments[:id] is nil or false
def delete(arguments = {})
  endpoint_label = arguments[:endpoint] || 'eql.delete'

  # The path parameter is recorded only when the caller actually passed the key.
  path_values = {}
  path_values[:id] = arguments[:id] if arguments.key?(:id)

  request_opts = { endpoint: endpoint_label }
  request_opts[:defined_params] = path_values unless path_values.empty?

  unless arguments[:id]
    raise ArgumentError, "Required argument 'id' missing"
  end

  # Work on a copy so the caller's hash keeps its :headers and :id entries.
  remaining = arguments.clone
  headers   = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)

  http_verb = Elasticsearch::API::HTTP_DELETE
  # NOTE(review): the id is interpolated into the URL path; any escaping of
  # path-significant characters is left to Utils.listify, which is not shown
  # here -- confirm before passing ids that come from untrusted input.
  path = "_eql/search/#{Utils.listify(search_id)}"

  # No query string and no body: every other key in the hash is ignored.
  raw_response = perform_request(http_verb, path, {}, nil, headers, request_opts)
  Elasticsearch::API::Response.new(raw_response)
end

#get(arguments = {}) ⇒ Object

Get async EQL search results. Get the current status and available results for an async EQL search or a stored synchronous EQL search.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the search’s EQL search API request.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch/api/actions/eql/get.rb', line 37

# Fetches the status and available results of an async EQL search (or a
# stored synchronous one) by sending a request with
# Elasticsearch::API::HTTP_GET to "_eql/search/<id>".
#
# @param arguments [Hash] request options
# @option arguments [String] :id identifier of the search (required)
# @option arguments [Hash] :headers custom HTTP headers, forwarded as given
# @option arguments [String] :endpoint replaces the default endpoint label 'eql.get'
# @return [Elasticsearch::API::Response] wrapper around the perform_request result
# @raise [ArgumentError] when arguments[:id] is nil or false
def get(arguments = {})
  endpoint_label = arguments[:endpoint] || 'eql.get'

  # The path parameter is recorded only when the caller actually passed the key.
  path_values = {}
  path_values[:id] = arguments[:id] if arguments.key?(:id)

  request_opts = { endpoint: endpoint_label }
  request_opts[:defined_params] = path_values unless path_values.empty?

  unless arguments[:id]
    raise ArgumentError, "Required argument 'id' missing"
  end

  # Work on a copy so the caller's hash keeps its :headers and :id entries.
  remaining = arguments.clone
  headers   = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)

  http_verb = Elasticsearch::API::HTTP_GET
  # NOTE(review): the id is interpolated into the URL path; any escaping of
  # path-significant characters is left to Utils.listify, which is not shown
  # here -- confirm before passing ids that come from untrusted input.
  path = "_eql/search/#{Utils.listify(search_id)}"

  # Everything still in the copy (an :endpoint key included, if the caller
  # supplied one) is handed to Utils.process_params to build the query params.
  query = Utils.process_params(remaining)

  raw_response = perform_request(http_verb, path, query, nil, headers, request_opts)
  Elasticsearch::API::Response.new(raw_response)
end

#get_status(arguments = {}) ⇒ Object

Get the async EQL status. Get the current status for an async EQL search or a stored synchronous EQL search without returning results.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch/api/actions/eql/get_status.rb', line 33

# Fetches the status of an async EQL search (or a stored synchronous one)
# without its results, by sending a request with
# Elasticsearch::API::HTTP_GET to "_eql/search/status/<id>".
#
# @param arguments [Hash] request options
# @option arguments [String] :id identifier of the search (required)
# @option arguments [Hash] :headers custom HTTP headers, forwarded as given
# @option arguments [String] :endpoint replaces the default endpoint label 'eql.get_status'
# @return [Elasticsearch::API::Response] wrapper around the perform_request result
# @raise [ArgumentError] when arguments[:id] is nil or false
def get_status(arguments = {})
  endpoint_label = arguments[:endpoint] || 'eql.get_status'

  # The path parameter is recorded only when the caller actually passed the key.
  path_values = {}
  path_values[:id] = arguments[:id] if arguments.key?(:id)

  request_opts = { endpoint: endpoint_label }
  request_opts[:defined_params] = path_values unless path_values.empty?

  unless arguments[:id]
    raise ArgumentError, "Required argument 'id' missing"
  end

  # Work on a copy so the caller's hash keeps its :headers and :id entries.
  remaining = arguments.clone
  headers   = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)

  http_verb = Elasticsearch::API::HTTP_GET
  # NOTE(review): the id is interpolated into the URL path; any escaping of
  # path-significant characters is left to Utils.listify, which is not shown
  # here -- confirm before passing ids that come from untrusted input.
  path = "_eql/search/status/#{Utils.listify(search_id)}"

  # No query string and no body: every other key in the hash is ignored.
  raw_response = perform_request(http_verb, path, {}, nil, headers, request_opts)
  Elasticsearch::API::Response.new(raw_response)
end

#search(arguments = {}) ⇒ Object

Get EQL search results. Returns search results for an Event Query Language (EQL) query. EQL assumes each document in a data stream or index corresponds to an event.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :index (String, Array)

    The name of the index to scope the operation (Required)

  • :allow_no_indices (Boolean)
    TODO

    Server default: true.

  • :allow_partial_search_results (Boolean)

    If true, returns partial results if there are shard failures. If false, returns an error with no partial results. Server default: true.

  • :allow_partial_sequence_results (Boolean)

    If true, sequence queries return partial results when there are shard failures. If false, they return no results at all. This flag has an effect only if allow_partial_search_results is true.

  • :expand_wildcards (String, Array<String>)
    TODO

    Server default: open.

  • :ignore_unavailable (Boolean)

    If true, missing or closed indices are not included in the response. Server default: true.

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Server default: 5d.

  • :keep_on_completion (Boolean)

    If true, the search and its results are stored on the cluster.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch/api/actions/eql/search.rb', line 44

# Runs an EQL query by sending a request with Elasticsearch::API::HTTP_POST
# to "<index>/_eql/search", with the :body value as the request body.
#
# @param arguments [Hash] request options
# @option arguments [String, Array] :index index name(s) to scope the search (required)
# @option arguments [Hash] :body request body (required)
# @option arguments [Hash] :headers custom HTTP headers, forwarded as given
# @option arguments [String] :endpoint replaces the default endpoint label 'eql.search'
# @return [Elasticsearch::API::Response] wrapper around the perform_request result
# @raise [ArgumentError] when arguments[:body] or arguments[:index] is nil or
#   false; :body is checked first
def search(arguments = {})
  endpoint_label = arguments[:endpoint] || 'eql.search'

  # The path parameter is recorded only when the caller actually passed the key.
  path_values = {}
  path_values[:index] = arguments[:index] if arguments.key?(:index)

  request_opts = { endpoint: endpoint_label }
  request_opts[:defined_params] = path_values unless path_values.empty?

  unless arguments[:body]
    raise ArgumentError, "Required argument 'body' missing"
  end
  unless arguments[:index]
    raise ArgumentError, "Required argument 'index' missing"
  end

  # Work on a copy so the caller's hash keeps its :headers, :body and :index.
  remaining  = arguments.clone
  headers    = remaining.delete(:headers) || {}
  body       = remaining.delete(:body)
  index_name = remaining.delete(:index)

  http_verb = Elasticsearch::API::HTTP_POST
  # NOTE(review): the index value is interpolated into the URL path; any
  # escaping of path-significant characters is left to Utils.listify, which is
  # not shown here -- confirm before passing index names from untrusted input.
  path = "#{Utils.listify(index_name)}/_eql/search"

  # Everything still in the copy (an :endpoint key included, if the caller
  # supplied one) is handed to Utils.process_params to build the query params.
  query = Utils.process_params(remaining)

  raw_response = perform_request(http_verb, path, query, body, headers, request_opts)
  Elasticsearch::API::Response.new(raw_response)
end