[DOCS] Add top-level EQL docs page. Adds EQL requirements page. #51334
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
Pinging @elastic/es-docs (>docs) |
Collaborator
|
Pinging @elastic/es-search (:Search/EQL) |
* **Creates a top-level page for EQL in the ES reference.** This page contains a high-level introduction and will include a nav for other EQL docs pages as they're built. * **Creates a requirements page.** This page outlines the fields needed to use EQL in ES.
jrodewig
changed the title
35 tasks
jrodewig
commented
Jan 23, 2020
Comment on lines
+24
to
+26
| * Use {es} for threat hunting or other security use cases | ||
| * Search time-series data or logs, such as network or system logs | ||
| * Want an easy way to explore relationships between events |
Contributor
Author
There was a problem hiding this comment.
@sethpayne Do you think this covers most of our major use cases for EQL within ES?
Contributor
Author
|
@elasticmachine update branch |
Contributor
Author
|
Thanks @aleksmaus! |
jrodewig
added a commit
that referenced
this pull request
Jan 27, 2020
* Creates a top-level page for EQL in the ES reference. This page contains a high-level introduction and will include a nav for other EQL docs pages as they're built. * Creates a requirements page. This page outlines the fields needed to use EQL in ES.
Contributor
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Creates a top-level page for EQL in the ES reference.
This page contains a high-level introduction and will include a nav for other EQL docs pages as they're built.
Creates a requirements page.
This page outlines the fields needed to use EQL in ES.
Note to reviewers
This PR isn't intended to encompass all needed EQL docs. I'll be working incrementally to add new pages. However, the overview page is a required first step for adding those new pages.