Module: ElasticsearchServerless::API::Eql::Actions

Defined in:
lib/elasticsearch-serverless/api/eql/get.rb,
lib/elasticsearch-serverless/api/eql/delete.rb,
lib/elasticsearch-serverless/api/eql/search.rb,
lib/elasticsearch-serverless/api/eql/get_status.rb


Instance Method Details

#delete(arguments = {}) ⇒ Object

Deletes an async EQL search or a stored synchronous EQL search. The API also deletes results for the search.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search to delete. A search ID is provided in the EQL search API’s response for an async search. A search ID is also provided if the request’s keep_on_completion parameter is true. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch-serverless/api/eql/delete.rb', line 35

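# Deletes an async EQL search, or a stored synchronous one, by its search ID.
#
# The ID is interpolated into the request path, so it is validated before any
# request is built. Escaping of the ID is left to Utils.listify, which is not
# shown here.
# NOTE(review): confirm Utils.listify percent-encodes path separators before
# IDs taken from untrusted input are passed in.
#
# @param arguments [Hash] request options; only read, never mutated
# @option arguments [String] :id search identifier (*Required*)
# @option arguments [Hash] :headers custom HTTP headers, forwarded unchanged
# @option arguments [String] :endpoint label stored in the request options
#   (defaults to "eql.delete")
# @raise [ArgumentError] if :id is nil, false or empty
# @return [ElasticsearchServerless::API::Response] wrapper around the result
#   of perform_request
def delete(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.delete" }

  # Record which path parameters the caller actually supplied.
  defined_params = [:id].each_with_object({}) do |name, supplied|
    supplied[name] = arguments[name] if arguments.key?(name)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  # "" and [] are truthy in Ruby, so a plain presence test would let an empty
  # identifier through to the path of a DELETE request.
  search_id = arguments[:id]
  id_blank = !search_id || (search_id.respond_to?(:empty?) && search_id.empty?)
  raise ArgumentError, "Required argument 'id' missing" if id_blank

  # Read instead of clone-and-delete: this endpoint sends no query parameters,
  # and reading keeps frozen option hashes usable.
  headers = arguments[:headers] || {}
  body = nil

  http_method = ElasticsearchServerless::API::HTTP_DELETE
  path = "_eql/search/#{Utils.listify(search_id)}"
  params = {} # any other keys in arguments are intentionally not sent

  ElasticsearchServerless::API::Response.new(
    perform_request(http_method, path, params, body, headers, request_opts)
  )
end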

#get(arguments = {}) ⇒ Object

Returns the current status and available results for an async EQL search or a stored synchronous EQL search.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Defaults to the keep_alive value set by the search’s EQL search API request.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch-serverless/api/eql/get.rb', line 36

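# Fetches the current status and available results of an async EQL search or
# a stored synchronous EQL search.
#
# The ID is interpolated into the request path, so it is validated before any
# request is built. Escaping of the ID is left to Utils.listify, which is not
# shown here.
# NOTE(review): confirm Utils.listify percent-encodes path separators before
# IDs taken from untrusted input are passed in.
#
# @param arguments [Hash] request options; the caller's hash is not mutated
# @option arguments [String] :id search identifier (*Required*)
# @option arguments [Time] :keep_alive retention period for the search
# @option arguments [Time] :wait_for_completion_timeout how long to wait
# @option arguments [Hash] :headers custom HTTP headers, forwarded unchanged
# @option arguments [String] :endpoint label stored in the request options
#   (defaults to "eql.get")
# @raise [ArgumentError] if :id is nil, false or empty
# @return [ElasticsearchServerless::API::Response] wrapper around the result
#   of perform_request
def get(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.get" }

  # Record which path parameters the caller actually supplied.
  defined_params = [:id].each_with_object({}) do |name, supplied|
    supplied[name] = arguments[name] if arguments.key?(name)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  # "" and [] are truthy in Ruby, so a plain presence test would let an empty
  # identifier through to the request path.
  search_id = arguments[:id]
  id_blank = !search_id || (search_id.respond_to?(:empty?) && search_id.empty?)
  raise ArgumentError, "Required argument 'id' missing" if id_blank

  # dup, not clone: clone preserves the frozen flag, so a frozen options hash
  # would raise FrozenError on the delete calls below.
  arguments = arguments.dup
  headers = arguments.delete(:headers) || {}
  arguments.delete(:id)

  body = nil

  http_method = ElasticsearchServerless::API::HTTP_GET
  path = "_eql/search/#{Utils.listify(search_id)}"
  # Every key still in the hash (including a caller-supplied :endpoint) is
  # handed to Utils.process_params to become query parameters.
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(http_method, path, params, body, headers, request_opts)
  )
end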

#get_status(arguments = {}) ⇒ Object

Returns the current status for an async EQL search or a stored synchronous EQL search without returning results.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    Identifier for the search. (Required)

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch-serverless/api/eql/get_status.rb', line 32

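# Fetches the current status of an async EQL search or a stored synchronous
# EQL search, without returning its results.
#
# The ID is interpolated into the request path, so it is validated before any
# request is built. Escaping of the ID is left to Utils.listify, which is not
# shown here.
# NOTE(review): confirm Utils.listify percent-encodes path separators before
# IDs taken from untrusted input are passed in.
#
# @param arguments [Hash] request options; only read, never mutated
# @option arguments [String] :id search identifier (*Required*)
# @option arguments [Hash] :headers custom HTTP headers, forwarded unchanged
# @option arguments [String] :endpoint label stored in the request options
#   (defaults to "eql.get_status")
# @raise [ArgumentError] if :id is nil, false or empty
# @return [ElasticsearchServerless::API::Response] wrapper around the result
#   of perform_request
def get_status(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.get_status" }

  # Record which path parameters the caller actually supplied.
  defined_params = [:id].each_with_object({}) do |name, supplied|
    supplied[name] = arguments[name] if arguments.key?(name)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  # "" and [] are truthy in Ruby, so a plain presence test would let an empty
  # identifier through to the request path.
  search_id = arguments[:id]
  id_blank = !search_id || (search_id.respond_to?(:empty?) && search_id.empty?)
  raise ArgumentError, "Required argument 'id' missing" if id_blank

  # Read instead of clone-and-delete: this endpoint sends no query parameters,
  # and reading keeps frozen option hashes usable.
  headers = arguments[:headers] || {}
  body = nil

  http_method = ElasticsearchServerless::API::HTTP_GET
  path = "_eql/search/status/#{Utils.listify(search_id)}"
  params = {} # any other keys in arguments are intentionally not sent

  ElasticsearchServerless::API::Response.new(
    perform_request(http_method, path, params, body, headers, request_opts)
  )
end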

#search(arguments = {}) ⇒ Object

Returns results matching a query expressed in Event Query Language (EQL).

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :index (String, Array)

    The name of the index to scope the operation (Required)

  • :allow_no_indices (Boolean)
    TODO

    Server default: true.

  • :expand_wildcards (String, Array<String>)
    TODO

    Server default: open.

  • :ignore_unavailable (Boolean)

    If true, missing or closed indices are not included in the response. Server default: true.

  • :keep_alive (Time)

    Period for which the search and its results are stored on the cluster. Server default: 5d.

  • :keep_on_completion (Boolean)

    If true, the search and its results are stored on the cluster.

  • :wait_for_completion_timeout (Time)

    Timeout duration to wait for the request to finish. Defaults to no timeout, meaning the request waits for complete search results.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    Request body. (Required)

Raises:

  • (ArgumentError)

See Also:



# File 'lib/elasticsearch-serverless/api/eql/search.rb', line 39

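# Runs an Event Query Language (EQL) search against the given index.
#
# The index name is interpolated into the request path, so it is validated
# before any request is built. Escaping of the index name is left to
# Utils.listify, which is not shown here.
# NOTE(review): confirm Utils.listify percent-encodes path separators before
# index names taken from untrusted input are passed in.
#
# @param arguments [Hash] request options; the caller's hash is not mutated
# @option arguments [String, Array] :index index to scope the search (*Required*)
# @option arguments [Hash] :body request body (*Required*)
# @option arguments [Hash] :headers custom HTTP headers, forwarded unchanged
# @option arguments [String] :endpoint label stored in the request options
#   (defaults to "eql.search")
# @raise [ArgumentError] if :body is nil or false, or :index is nil, false or
#   empty
# @return [ElasticsearchServerless::API::Response] wrapper around the result
#   of perform_request
def search(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "eql.search" }

  # Record which path parameters the caller actually supplied.
  defined_params = [:index].each_with_object({}) do |name, supplied|
    supplied[name] = arguments[name] if arguments.key?(name)
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  # "" and [] are truthy in Ruby, so a plain presence test would let an empty
  # index name through to the request path.
  index_name = arguments[:index]
  index_blank = !index_name || (index_name.respond_to?(:empty?) && index_name.empty?)
  raise ArgumentError, "Required argument 'index' missing" if index_blank

  # dup, not clone: clone preserves the frozen flag, so a frozen options hash
  # would raise FrozenError on the delete calls below.
  arguments = arguments.dup
  headers = arguments.delete(:headers) || {}
  body = arguments.delete(:body)
  arguments.delete(:index)

  http_method = ElasticsearchServerless::API::HTTP_POST
  path = "#{Utils.listify(index_name)}/_eql/search"
  # Every key still in the hash (including a caller-supplied :endpoint) is
  # handed to Utils.process_params to become query parameters.
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(http_method, path, params, body, headers, request_opts)
  )
end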