EQL has the concept of pipes which run logic on the results of an eql query and can be combined. Regardless of the fact that in some cases the execution of these pipes can be pushed down to the Search API and run as aggregations (this will be addressed in a later issue) we need to implement the logic in the EQL plugin since there are many cases, including any EQL queries using sequence or join where we will not be able to push the evaluation down to the search API.
The pipe operations that need to be implemented are:
EQL has the concept of pipes which run logic on the results of an eql query and can be combined. Regardless of the fact that in some cases the execution of these pipes can be pushed down to the Search API and run as aggregations (this will be addressed in a later issue) we need to implement the logic in the EQL plugin since there are many cases, including any EQL queries using sequence or join where we will not be able to push the evaluation down to the search API.
The pipe operations that need to be implemented are: