Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[DOCS] Note that EQL timestamp field can also be date_nanos

James Rodewig 5 years ago
parent
f420018bb2
commit
adc520b7c2
2 changed files with 6 additions and 6 deletions
Split View Show Diff Stats
  1. 1 1
      docs/reference/eql/requirements.asciidoc
  2. 5 5
      docs/reference/eql/search.asciidoc

+ 1 - 1
docs/reference/eql/requirements.asciidoc
View File 

@@ -33,7 +33,7 @@ A field containing the event classification, such as `process`, `file`, or
 
 
 Timestamp::
 
 A field containing the date and/or time the event occurred. This is typically
 
-mapped as a <<date,`date`>> field.
 
+mapped as a <<date,`date`>> or <<date_nanos,`date_nanos`>> field.
 
 
 [NOTE]
 
 ====

+ 5 - 5
docs/reference/eql/search.asciidoc
View File 

@@ -403,8 +403,8 @@ GET /sec_logs/_eql/search
 
 [[eql-search-specify-event-category-field]]
 
 === Specify an event category field
 
 
-The EQL search API uses `event.category` as the required
 
-<<eql-required-fields,event category field>> by default. You can use the
 
+By default, the EQL search API uses `event.category` as the
 
+<<eql-required-fields,event category field>>. You can use the
 
 `event_category_field` parameter to specify another event category field.
 
 
 .*Example*
 
@@ -429,9 +429,9 @@ GET /sec_logs/_eql/search
 
 [[eql-search-specify-timestamp-field]]
 
 === Specify a timestamp field
 
 
-The EQL search API uses `@timestamp` as the required <<eql-required-fields,event
 
-timestamp field>> by default. You can use the `timestamp_field` parameter to
 
-specify another timestamp field.
 
+By default, EQL searches use `@timestamp` as the <<eql-required-fields,event
 
+timestamp field>>. You can use the EQL search API's `timestamp_field` parameter
 
+to specify another timestamp field.
 
 
 .*Example*
 
 [%collapsible]