Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 7fcbe42465
Branches Tags
elasticsearch
/
docs
/
reference
/
eql
/
limitations.asciidoc

limitations.asciidoc 1.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. [role="xpack"]
    2. 

  2. [testenv="basic"]
    3. 

  3. [[eql-limitations]]
    4. 

  4. == EQL limitations
    5. 

  5. ++++
    6. 

  6. <titleabbrev>Limitations</titleabbrev>
    7. 

  7. ++++
    8. 

  8. 

  9. experimental::[]
    10. 

  10. 

  11. [discrete]
    12. 

  12. [[eql-nested-fields]]
    13. 

  13. === EQL search on nested fields is not supported
    14. 

  14. 

  15. You cannot use EQL to search the values of a <<nested,`nested`>> field or the
    16. 

  16. sub-fields of a `nested` field. However, indices containing `nested` field
    17. 

  17. mappings are otherwise supported.
    18. 

  18. 

  19. [discrete]
    20. 

  20. [[eql-unsupported-syntax]]
    21. 

  21. === Unsupported syntax
    22. 

  22. 

  23. {es} supports a subset of {eql-ref}/index.html[EQL syntax]. {es} cannot run EQL
    24. 

  24. queries that contain:
    25. 

  25. 

  26. * Array functions:
    27. 

  27. ** {eql-ref}/functions.html#arrayContains[`arrayContains`]
    28. 

  28. ** {eql-ref}/functions.html#arrayCount[`arrayCount`]
    29. 

  29. ** {eql-ref}/functions.html#arraySearch[`arraySearch`]
    30. 

  30. 

  31. * {eql-ref}/joins.html[Joins]
    32. 

  32. 

  33. * {eql-ref}/basic-syntax.html#event-relationships[Lineage-related keywords]:
    34. 

  34. ** `child of`
    35. 

  35. ** `descendant of`
    36. 

  36. ** `event of`
    37. 

  37. 

  38. * {eql-ref}/pipes.html[Pipes]
    39. 

  39. 

  40. * {eql-ref}/sequences.html[State and timespan-related sequence keywords]:
    41. 

  41. ** `with maxspan`
    42. 

  42. ** `until`
    43.