2022年12月13日 · Use EQL’s sample syntax to search for events that match one or more join keys and a set of filters. Samples are similar to sequences, but do not return events in …

By default, the EQL search API uses the event.category field from the Elastic Common Schema (ECS). You can specify another event category field using the API’s event_category_field …

2025年2月4日 · 事件查询语言（EQL）是一种用于基于事件的时间序列数据（例如日志，指标和跟踪）的查询语言。 在 Elastic Security 平台上，当输入有效的 EQL 时，查询会在数据节点上 …

2023年11月1日 · 事件查询语言Event Query Language (EQL) 是 基于事件的 时间序列数据 event-based time series data (如日志、度量和跟踪)的查询语言。 1、EQL允许您表达事件之间的关系 …

2019年6月5日 · We created the Event Query Language (EQL) for hunting and real-time detection, with a simple syntax that helps practitioners express complex queries without a high barrier to …

Abstract: This handbook is an Application Programming Interface (API) implementation guide to Smart Energy Profile 2.0 (SEP2) and how it is applied in Queensland. It applies to dynamic …

EQL is a language that can match events, generate sequences, stack data, build aggregations, and perform analysis. EQL is schemaless and supports multiple database backends. It …

2020年9月20日 · Elasticsearch supports several of EQL’s built-in functions. You can use these functions to convert data types, perform math, manipulate strings, and more. For a list of …

ES|QL 是 Elasticsearch® 原生的强大声明性语言，专为可组合性、表现力和速度而设计。 为什么要另一种语言？ Elasticsearch 支持多种语言，从古老的 queryDSL 到 EQL、KQL、SQL …

EQL is a declarative way to make hierarchical (and possibly nested) selections of information about data requirements. This repository contains the base specs and definitions for EQL …