2022年12月13日 · EQL lets you write and read queries intuitively, which makes for quick, iterative searching. EQL is designed for security use cases. While you can use it for any event-based …

You can use EQL samples to describe and match a chronologically unordered series of events. All events in a sample share the same value for one or more fields that are specified using the …

EQL查询需要一个 事件类别和匹配条件。 where关键字 将它们连接起来。 事件类别event category是事件类别字段的 索引值。 默认情况下，EQL搜索API使用来自 Elastic Common …

To search a remote cluster, use the <cluster>:<target> syntax. See Run an EQL search across clusters. This parameter’s behavior differs from the allow_no_indices parameter used in other …

Event Query Language (EQL) is a query language for event-based time series data, such as logs, metrics, and traces. EQL lets you express relationships between events. Many query …

2025年1月13日 · By default, an EQL query can only contain fields that exist in the dataset you’re searching. A field exists in a dataset if it has an explicit, dynamic, or runtime mapping.

2022年9月21日 · 事件查询语言（EQL） 是一种用于基于事件的 时间序列数据 （例如日志，指标和跟踪）的查询语言。 EQL 在 Elastic Security 中被广泛使用。 在 Elastic Security 平台上， …

2023年4月7日 · Introduced in Elasticsearch version 7.10, EQL is a game-changing language that simplifies the correlation of events in your data to help identify patterns and trends. EQL is …

2024年1月22日 · Event Query Language (EQL) is a query language designed for analyzing and correlating events in log data. It offers a simplified syntax for expressing complex queries,...

2025年1月13日 · Event Query Language (EQL) is a query language for event-based time series data, such as logs, metrics, and traces. EQL lets you express relationships between events. …