|
@@ -130,6 +130,14 @@ getting or searching for a document.
|
|
|
// end::document-def[]
|
|
|
--
|
|
|
|
|
|
+[[glossary-eql]]
|
|
|
+Event Query Language (EQL) ::
|
|
|
+// tag::eql-def[]
|
|
|
+A query language for event-based time series data, such as logs, metrics, and
|
|
|
+traces. EQL supports matching for event sequences. In the {security-app}, you
|
|
|
+use EQL to write event correlation rules. See {ref}/eql.html[EQL].
|
|
|
+// end::eql-def[]
|
|
|
+
|
|
|
[[glossary-field]] field ::
|
|
|
+
|
|
|
--
|
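Review bot: the added `Event Query Language (EQL) ::` entry is laid out differently from the entries on either side of it in this hunk. The following entry puts its anchor on the term line (`[[glossary-field]] field ::`) and attaches the definition with a `+` continuation and a `--` open block, and the preceding entry closes its tagged region with `--`. The new entry instead puts `[[glossary-eql]]` on a line of its own and starts `// tag::eql-def[]` directly under the term with no `+` / `--` wrapper. Suggest writing it as `[[glossary-eql]] Event Query Language (EQL) ::` followed by `+` and `--`, with a closing `--` after `// end::eql-def[]`, so that the anchor resolves to the term and the tagged definition is attached to the list item the same way as its neighbours. It is also worth confirming that the `{security-app}` and `{ref}` attributes are defined wherever the `eql-def` tagged region gets included, since the definition is meant for reuse outside this file.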