Module: ElasticsearchServerless::API::Eql::Actions

Defined in:
lib/elasticsearch-serverless/api/eql/get.rb,
lib/elasticsearch-serverless/api/eql/delete.rb,
lib/elasticsearch-serverless/api/eql/search.rb,
lib/elasticsearch-serverless/api/eql/get_status.rb

Instance Method Details

#delete(arguments = {}) ⇒ Object

Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted.

Options Hash (arguments):

  • :id (String)

    Identifier for the search to delete. A search ID is provided in the EQL search API’s response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

# File 'lib/elasticsearch-serverless/api/eql/delete.rb', line 32

def delete(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = ElasticsearchServerless::API::HTTP_DELETE
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#get(arguments = {}) ⇒ Object

Returns async results from a previously executed Event Query Language (EQL) search.

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the search’s EQL search API request.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

# File 'lib/elasticsearch-serverless/api/eql/get.rb', line 34

def get(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_eql/search/#{Utils.listify(_id)}"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#get_status(arguments = {}) ⇒ Object

Returns the status of a previously submitted async or stored Event Query Language (EQL) search.

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

# File 'lib/elasticsearch-serverless/api/eql/get_status.rb', line 32

def get_status(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_eql/search/status/#{Utils.listify(_id)}"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#search(arguments = {}) ⇒ Object

Returns results matching a query expressed in Event Query Language (EQL).

Options Hash (arguments):

  • :index (String, Array)

    The name of the index to scope the operation (Required)

  • :allow_no_indices (Boolean)

    TODO. Server default: true.

  • :expand_wildcards (String, Array<String>)

    TODO. Server default: open.

  • :ignore_unavailable (Boolean)

    If true, missing or closed indices are not included in the response. Server default: true.

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Server default: 5d.

  • :keep_on_completion (Boolean)

    If true, the search and its results are stored on the cluster.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    Request body. (Required)

Raises:

  • (ArgumentError)

# File 'lib/elasticsearch-serverless/api/eql/search.rb', line 39

def search(arguments = {})
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = ElasticsearchServerless::API::HTTP_POST
  path   = "#{Utils.listify(_index)}/_eql/search"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end
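
Example (added here, not part of the gem or its documentation): the four methods above used as one async lifecycle, with #delete in an ensure block so hunt results do not stay stored on the cluster for the full keep_alive period. run_async_eql, FakeEql and FakeClient are hypothetical names, the search ID and event are constructed, and Hash-style access to the response keys 'id', 'is_running' and 'hits' is an assumption.

```ruby
# Added example (not the gem's code): async EQL lifecycle with guaranteed cleanup.
# Assumes responses allow Hash-style access to the 'id', 'is_running' and 'hits' keys.
def run_async_eql(client, index:, query:, poll_interval: 0.5, max_polls: 20)
  resp = client.eql.search(
    index: index,
    body: { query: query },
    wait_for_completion_timeout: '2s', # return early instead of blocking
    keep_on_completion: true,          # an ID is returned even if it finishes in time
    keep_alive: '1h'                   # shorter retention than the 5d server default
  )
  id = resp['id']
  begin
    polls = 0
    while client.eql.get_status(id: id)['is_running']
      polls += 1
      raise "EQL search #{id} still running after #{polls} polls" if polls >= max_polls
      sleep poll_interval
    end
    client.eql.get(id: id)['hits']
  ensure
    # Cancels a running search or deletes stored results on every exit path.
    client.eql.delete(id: id) if id
  end
end

# Constructed stand-in for the real client so the example runs offline.
class FakeEql
  attr_reader :calls
  def initialize(running_polls)
    @remaining, @calls = running_polls, []
  end
  def search(_arguments = {})
    @calls << :search
    { 'id' => 'constructed-search-id', 'is_running' => true }
  end
  def get_status(arguments = {})
    @calls << :get_status
    { 'id' => arguments[:id], 'is_running' => (@remaining -= 1) >= 0 }
  end
  def get(_arguments = {})
    @calls << :get
    { 'hits' => { 'events' => [{ '_id' => 'constructed-event-1' }] } }
  end
  def delete(_arguments = {})
    @calls << :delete
    { 'acknowledged' => true }
  end
end
FakeClient = Struct.new(:eql)
```

With a real client, pass it in place of FakeClient; the helper only calls client.eql.search, get_status, get and delete as documented above.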