Module: Elasticsearch::API::Eql::Actions

Included in:
EqlClient
Defined in:
lib/elasticsearch/api/namespace/eql.rb,
lib/elasticsearch/api/actions/eql/get.rb,
lib/elasticsearch/api/actions/eql/delete.rb,
lib/elasticsearch/api/actions/eql/search.rb,
lib/elasticsearch/api/actions/eql/get_status.rb

Instance Method Summary collapse

Instance Method Details

#delete(arguments = {}) ⇒ Object

Deletes an async EQL search by ID. If the search is still running, the search request will be cancelled. Otherwise, the saved search results are deleted.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/elasticsearch/api/actions/eql/delete.rb', line 32

def delete(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.delete" }

  defined_params = [:id].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_DELETE
  path   = "_eql/search/#{Utils.__listify(_id)}"
  params = {}

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get(arguments = {}) ⇒ Object

Returns async results from previously executed Event Query Language (EQL) search

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :wait_for_completion_timeout (Time)

    Specify the time that the request should block waiting for the final response

  • :keep_alive (Time)

    Update the time interval in which the results (partial or final) for this search will be available

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/elasticsearch/api/actions/eql/get.rb', line 34

def get(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.get" }

  defined_params = [:id].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/#{Utils.__listify(_id)}"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get_status(arguments = {}) ⇒ Object

Returns the status of a previously submitted async or stored Event Query Language (EQL) search

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The async search ID

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/elasticsearch/api/actions/eql/get_status.rb', line 32

def get_status(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.get_status" }

  defined_params = [:id].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _id = arguments.delete(:id)

  method = Elasticsearch::API::HTTP_GET
  path   = "_eql/search/status/#{Utils.__listify(_id)}"
  params = {}

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#search(arguments = {}) ⇒ Object

Returns results matching a query expressed in Event Query Language (EQL)

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :index (String)

    The name of the index to scope the operation

  • :wait_for_completion_timeout (Time)

    Specify the time that the request should block waiting for the final response

  • :keep_on_completion (Boolean)

    Control whether the response should be stored in the cluster if it completed within the provided [wait_for_completion] time (default: false)

  • :keep_alive (Time)

    Update the time interval in which the results (partial or final) for this search will be available

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    Eql request body. Use the ‘query` to limit the query scope. (Required)

Raises:

  • (ArgumentError)

See Also:



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# File 'lib/elasticsearch/api/actions/eql/search.rb', line 36

def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.search" }

  defined_params = [:index].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'index' missing" unless arguments[:index]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body   = arguments.delete(:body)

  _index = arguments.delete(:index)

  method = Elasticsearch::API::HTTP_POST
  path   = "#{Utils.__listify(_index)}/_eql/search"
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end