Module: Elasticsearch::XPack::API::Eql::Actions

Included in:
EqlClient
Defined in:
lib/elasticsearch/xpack/api/namespace/eql.rb,
lib/elasticsearch/xpack/api/actions/eql/get.rb,
lib/elasticsearch/xpack/api/actions/eql/delete.rb,
lib/elasticsearch/xpack/api/actions/eql/search.rb,
lib/elasticsearch/xpack/api/actions/eql/get_status.rb,
lib/elasticsearch/xpack/api/actions/eql/params_registry.rb

Defined Under Namespace

Modules: ParamsRegistry

Instance Method Summary collapse

Instance Method Details

#delete(arguments = {}) ⇒ Object

Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/elasticsearch/xpack/api/actions/eql/delete.rb', line 30

def delete(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  headers = arguments.delete(:headers) || {}

  arguments = arguments.clone

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_DELETE
  path   = "_eql/search/#{Elasticsearch::API::Utils.__listify(_id)}"
  params = {}

  body = nil
  perform_request(method, path, params, body, headers).body
end

#get(arguments = {}) ⇒ Object

Returns async results from previously executed Event Query Language (EQL) search

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :wait_for_completion_timeout (Time)

    Specify the time that the request should block waiting for the final response

  • :keep_alive (Time)

    Update the time interval in which the results (partial or final) for this search will be available

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/elasticsearch/xpack/api/actions/eql/get.rb', line 32

def get(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  headers = arguments.delete(:headers) || {}

  arguments = arguments.clone

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/#{Elasticsearch::API::Utils.__listify(_id)}"
  params = Elasticsearch::API::Utils.__validate_and_extract_params arguments, ParamsRegistry.get(__method__)

  body = nil
  perform_request(method, path, params, body, headers).body
end

#get_status(arguments = {}) ⇒ Object

Returns the status of a previously submitted async or stored Event Query Language (EQL) search

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/elasticsearch/xpack/api/actions/eql/get_status.rb', line 30

def get_status(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  headers = arguments.delete(:headers) || {}

  arguments = arguments.clone

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/status/#{Elasticsearch::API::Utils.__listify(_id)}"
  params = {}

  body = nil
  perform_request(method, path, params, body, headers).body
end

#search(arguments = {}) ⇒ Object

Returns results matching a query expressed in Event Query Language (EQL)

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :index (String)

    The name of the index to scope the operation

  • :wait_for_completion_timeout (Time)

    Specify the time that the request should block waiting for the final response

  • :keep_on_completion (Boolean)

    Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false)

  • :keep_alive (Time)

    Update the time interval in which the results (partial or final) for this search will be available

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    Eql request body. Use the ‘query` to limit the query scope. (Required)

Raises:

  • (ArgumentError)

See Also:



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/elasticsearch/xpack/api/actions/eql/search.rb', line 34

def search(arguments = {})
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  headers = arguments.delete(:headers) || {}

  arguments = arguments.clone
  arguments[:index] = UNDERSCORE_ALL if !arguments[:index] && arguments[:type]

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_POST
  path   = "#{Elasticsearch::API::Utils.__listify(_index)}/_eql/search"
  params = Elasticsearch::API::Utils.__validate_and_extract_params arguments, ParamsRegistry.get(__method__)

  body = arguments[:body]
  perform_request(method, path, params, body, headers).body
end