This is a meta issue to track the progress of documentation efforts for EQL support in Elasticsearch. To monitor ongoing development, see #49581.

### High-level content plan

- [x] Top-level EQL page (intro + nav) #51334
- [x] EQL requirements #51334
- [x] Run an EQL search #51574
- [x] Add a Beats tip #53292
- [x] Specify timestamp and event type fields #52953
- [x] Filter using query DSL #52953
- [x] Async search #56704
- [x] EQL syntax reference #51821
  - [x] Basic syntax (https://eql.readthedocs.io/en/latest/query-guide/index.html) #51821
- [x] EQL function reference
  - [x] `add` #55810
  - [x] `between` #54950
  - [x] `cidrMatch` #54216
  - [x] `concat` #56239
  - [x] `divide` #55810
  - [x] `endsWith` #54521
  - [x] `indexOf` #55071
  - [x] `length` #54225
  - [x] `match` #56134
  - [x] `modulo` #55810
  - [x] `multiply` #55810
  - [x] `number` #56770
  - [x] `startsWith` #54518
  - [x] `string` #55086
  - [x] `stringContains` #54968
  - [x] `substring` #54203
  - [x] `subtract` #55810
  - [x] `wildcard` #54086
- [x] EQL pipe reference #58673
  - [x] head #58673
  - [x] tail #58673
- [x] Limitations (EQL features not supported in ES) #52001
- [x] EQL search API documentation #52384

### Cleanup tasks

- [x] Remove/swap `dev` admonitions #59259
- [x] Remove `ifdef` statements for including docs (cf. #51743, #52384) #59259