module Elasticsearch::API::Eql::Actions
Public Instance Methods
Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted.
@option arguments [String] :id The async search ID @option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/guide/en/elasticsearch/reference/8.16/eql-search-api.html
# File lib/elasticsearch/api/actions/eql/delete.rb, line 32
#
# Sends an HTTP DELETE to `_eql/search/<id>` and wraps whatever
# `perform_request` returns in an Elasticsearch::API::Response.
# No query parameters and no request body are sent.
#
# @param arguments [Hash] keys read here: :id (required), :headers, :endpoint
# @return [Elasticsearch::API::Response]
# @raise [ArgumentError] when arguments[:id] is nil or false
def delete(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.delete' }

  # Record the path parameter only when the caller actually passed the key.
  path_params = arguments.key?(:id) ? { id: arguments[:id] } : {}
  request_opts[:defined_params] = path_params unless path_params.empty?

  # Truthiness check only: an empty String is truthy in Ruby and passes.
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  # Work on a copy so the caller's hash is not mutated by the deletes below.
  remaining = arguments.clone
  # Caller-supplied headers are forwarded to perform_request as given.
  headers = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)
  http_verb = Elasticsearch::API::HTTP_DELETE
  # NOTE(review): the id becomes a URL path segment. Whether Utils.__listify
  # percent-encodes it is not visible on this page; confirm before passing
  # ids that originate from untrusted input.
  path = "_eql/search/#{Utils.__listify(search_id)}"

  Elasticsearch::API::Response.new(
    perform_request(http_verb, path, {}, nil, headers, request_opts)
  )
end
Returns async results from previously executed Event Query Language (EQL) search
@option arguments [String] :id The async search ID @option arguments [Time] :wait_for_completion_timeout Specify the time that the request should block waiting for the final response @option arguments [Time] :keep_alive Update the time interval in which the results (partial or final) for this search will be available @option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/guide/en/elasticsearch/reference/8.16/eql-search-api.html
# File lib/elasticsearch/api/actions/eql/get.rb, line 34
#
# Sends an HTTP GET to `_eql/search/<id>` and wraps whatever
# `perform_request` returns in an Elasticsearch::API::Response.
# Every argument left after removing :headers and :id is handed to
# Utils.process_params and sent as the request's params.
#
# @param arguments [Hash] keys read here: :id (required), :headers, :endpoint;
#   all other keys are passed through to Utils.process_params
# @return [Elasticsearch::API::Response]
# @raise [ArgumentError] when arguments[:id] is nil or false
def get(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get' }

  # Record the path parameter only when the caller actually passed the key.
  path_params = arguments.key?(:id) ? { id: arguments[:id] } : {}
  request_opts[:defined_params] = path_params unless path_params.empty?

  # Truthiness check only: an empty String is truthy in Ruby and passes.
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  # Work on a copy so the caller's hash is not mutated by the deletes below.
  remaining = arguments.clone
  # Caller-supplied headers are forwarded to perform_request as given.
  headers = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)
  http_verb = Elasticsearch::API::HTTP_GET
  # NOTE(review): the id becomes a URL path segment. Whether Utils.__listify
  # percent-encodes it is not visible on this page; confirm before passing
  # ids that originate from untrusted input.
  path = "_eql/search/#{Utils.__listify(search_id)}"
  # NOTE(review): :endpoint is read above but never removed, and no key
  # allow-list is applied here, so any extra keys reach Utils.process_params.
  # Confirm that helper filters them; avoid passing an untrusted hash whole.
  query = Utils.process_params(remaining)

  Elasticsearch::API::Response.new(
    perform_request(http_verb, path, query, nil, headers, request_opts)
  )
end
Returns the status of a previously submitted async or stored Event Query Language (EQL) search
@option arguments [String] :id The async search ID @option arguments [Hash] :headers Custom HTTP headers
@see www.elastic.co/guide/en/elasticsearch/reference/8.16/eql-search-api.html
# File lib/elasticsearch/api/actions/eql/get_status.rb, line 32
#
# Sends an HTTP GET to `_eql/search/status/<id>` and wraps whatever
# `perform_request` returns in an Elasticsearch::API::Response.
# No query parameters and no request body are sent.
#
# @param arguments [Hash] keys read here: :id (required), :headers, :endpoint
# @return [Elasticsearch::API::Response]
# @raise [ArgumentError] when arguments[:id] is nil or false
def get_status(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.get_status' }

  # Record the path parameter only when the caller actually passed the key.
  path_params = arguments.key?(:id) ? { id: arguments[:id] } : {}
  request_opts[:defined_params] = path_params unless path_params.empty?

  # Truthiness check only: an empty String is truthy in Ruby and passes.
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  # Work on a copy so the caller's hash is not mutated by the deletes below.
  remaining = arguments.clone
  # Caller-supplied headers are forwarded to perform_request as given.
  headers = remaining.delete(:headers) || {}
  search_id = remaining.delete(:id)
  http_verb = Elasticsearch::API::HTTP_GET
  # NOTE(review): the id becomes a URL path segment. Whether Utils.__listify
  # percent-encodes it is not visible on this page; confirm before passing
  # ids that originate from untrusted input.
  path = "_eql/search/status/#{Utils.__listify(search_id)}"

  Elasticsearch::API::Response.new(
    perform_request(http_verb, path, {}, nil, headers, request_opts)
  )
end
Returns results matching a query expressed in Event Query Language (EQL)
@option arguments [String] :index The name of the index to scope the operation @option arguments [Time] :wait_for_completion_timeout Specify the time that the request should block waiting for the final response @option arguments [Boolean] :keep_on_completion Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false) @option arguments [Time] :keep_alive Update the time interval in which the results (partial or final) for this search will be available @option arguments [Hash] :headers Custom HTTP headers @option arguments [Hash] :body Eql
request body. Use the `query` to limit the query scope. (Required)
@see www.elastic.co/guide/en/elasticsearch/reference/8.16/eql-search-api.html
# File lib/elasticsearch/api/actions/eql/search.rb, line 36
#
# Sends an HTTP POST to `<index>/_eql/search` with the caller's :body as the
# request body and wraps whatever `perform_request` returns in an
# Elasticsearch::API::Response. Every argument left after removing :headers,
# :body and :index is handed to Utils.process_params and sent as params.
#
# @param arguments [Hash] keys read here: :body (required), :index (required),
#   :headers, :endpoint; all other keys are passed to Utils.process_params
# @return [Elasticsearch::API::Response]
# @raise [ArgumentError] when arguments[:body] or arguments[:index] is nil
#   or false (:body is checked first)
def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'eql.search' }

  # Record the path parameter only when the caller actually passed the key.
  path_params = arguments.key?(:index) ? { index: arguments[:index] } : {}
  request_opts[:defined_params] = path_params unless path_params.empty?

  # Truthiness checks only: empty Strings and empty Hashes are truthy in Ruby.
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  # Work on a copy so the caller's hash is not mutated by the deletes below.
  remaining = arguments.clone
  # Caller-supplied headers are forwarded to perform_request as given.
  headers = remaining.delete(:headers) || {}
  # The body is forwarded unchanged; nothing in this method inspects the query.
  payload = remaining.delete(:body)
  index_name = remaining.delete(:index)
  http_verb = Elasticsearch::API::HTTP_POST
  # NOTE(review): the index becomes the leading URL path segment. Whether
  # Utils.__listify percent-encodes it is not visible on this page; confirm
  # before passing index names that originate from untrusted input.
  path = "#{Utils.__listify(index_name)}/_eql/search"
  # NOTE(review): :endpoint is read above but never removed, and no key
  # allow-list is applied here, so any extra keys reach Utils.process_params.
  # Confirm that helper filters them; avoid passing an untrusted hash whole.
  query = Utils.process_params(remaining)

  Elasticsearch::API::Response.new(
    perform_request(http_verb, path, query, payload, headers, request_opts)
  )
end