Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[DOCS] Fix syntax and wording in EQL docs (#59623)

James Rodewig 5 years ago
parent
1fb4a5ed31
commit
d250f94374
3 changed files with 15 additions and 14 deletions
Split View Show Diff Stats
  1. 3 3
      docs/reference/eql/requirements.asciidoc
  2. 2 1
      docs/reference/eql/search.asciidoc
  3. 10 10
      docs/reference/eql/syntax.asciidoc

+ 3 - 3
docs/reference/eql/requirements.asciidoc
View File 

@@ -13,8 +13,8 @@ EQL is schema-less and works well with most common log formats.
 
 [TIP]
 
 ====
 
 While no schema is required to use EQL in {es}, we recommend the
 
-{ecs-ref}[Elastic Common Schema (ECS)]. The EQL search API is designed to work
 
-with core ECS fields by default.
 
+{ecs-ref}[Elastic Common Schema (ECS)]. The <<eql-search-api,EQL search API>> is
 
+designed to work with core ECS fields by default.
 
 ====
 
 
 [discrete]
 
@@ -38,6 +38,6 @@ mapped as a <<date,`date`>> or <<date_nanos,`date_nanos`>> field.
 
 [NOTE]
 
 ====
 
 You cannot use a <<nested,`nested`>> field data type or the sub-fields of a
 
-`nested` field dataype as the timestamp or event category field. See
 
+`nested` field as the timestamp or event category field. See
 
 <<eql-nested-fields>>.
 
 ====

+ 2 - 1
docs/reference/eql/search.asciidoc
View File 

@@ -8,7 +8,8 @@ experimental::[]
 
 To start using EQL in {es}, first ensure your event data meets
 
 <<eql-requirements,EQL requirements>>. You can then use the <<eql-search-api,EQL
 
 search API>> to search event data stored in one or more {es} data streams or
 
-indices.
 
+indices. The API requires a query written in {es}'s supported <<eql-syntax,EQL
 
+syntax>>.
 
 
 .*Example*
 
 [%collapsible]

+ 10 - 10
docs/reference/eql/syntax.asciidoc
View File 

@@ -74,7 +74,7 @@ You can specify and combine these criteria using the following operators:
 
 
 You cannot use comparison operators to compare a variable, such as a field
 
 value, to another variable, even if those variables are modified using a
 
-<eql-functions,function>>.
 
+<<eql-functions,function>>.
 
 
 .*Example*
 
 [%collapsible]
 
@@ -102,12 +102,12 @@ process where process.parent.name == "foo" and process.name == "foo"
 
 
 [IMPORTANT]
 
 ====
 
-Avoid using the equal operator (`==`) to perform exact matching on `text` field
 
-values.
 
+Avoid using the equal operator (`==`) to perform exact matching on
 
+<<text,`text`>> field values.
 
 
-By default, {es} changes the values of <<text,`text`>> fields as part of
 
-<<analysis, analysis>>. This can make finding exact matches for `text` field
 
-values difficult.
 
+By default, {es} changes the values of `text` fields as part of <<analysis,
 
+analysis>>. This can make finding exact matches for `text` field values
 
+difficult.
 
 
 To search `text` fields, consider using a <<eql-search-filter-query-dsl,query
 
 DSL filter>> that contains a <<query-dsl-match-query,`match`>> query.
 
@@ -350,8 +350,8 @@ the backslash remains in the resulting string.
 
 
 [NOTE]
 
 ====
 
-Raw strings cannot contain only a single backslash. Additionally, raw strings
 
-cannot end in an odd number of backslashes.
 
+Raw strings cannot contain only a single backslash or end in an odd number of
 
+backslashes.
 
 ====
 
 
 [discrete]
 
@@ -375,8 +375,8 @@ dots (`.`), hyphens (`-`), or spaces, must be escaped using backticks (+++`+++).
 
 
 You can use EQL sequences to describe and match an ordered series of events.
 
 Each item in a sequence is an event category and event condition,
 
-surrounded by square brackets. Events are listed in ascending chronological
 
-order, with the most recent event listed last.
 
+surrounded by square brackets (`[ ]`). Events are listed in ascending
 
+chronological order, with the most recent event listed last.
 
 
 [source,eql]
 
 ----