Adds EQL, ESQL, features API example requests and responses.

szabosteve · lcawl · commit caa6ddd07066 · 2024-09-12T13:11:11.000-07:00
diff --git a/specification/eql/get_status/EqlGetStatusResponseExample1.json b/specification/eql/get_status/EqlGetStatusResponseExample1.json
@@ -0,0 +1,7 @@
+{
+  "summary": "A successful response for getting status information for an async EQL search.",
+  "description": "",
+  "type": "response",
+  "response_code": 200,
+  "value": "{\n  \"id\" : \"FmNJRUZ1YWZCU3dHY1BIOUhaenVSRkEaaXFlZ3h4c1RTWFNocDdnY2FSaERnUTozNDE=\",\n  \"is_running\" : true,\n  \"is_partial\" : true,\n  \"start_time_in_millis\" : 1611690235000,\n  \"expiration_time_in_millis\" : 1611690295000\n\n}"
+}
diff --git a/specification/eql/search/EqlSearchRequestExample1.json b/specification/eql/search/EqlSearchRequestExample1.json
@@ -0,0 +1,7 @@
+{
+  "summary": "Returns search results for an EQL query.",
+  "method_request": "GET /my-data-stream/_eql/search",
+  "description": "",
+  "type": "request",
+  "value": "{\n  \"query\": \"\"\"\n    process where process.name == \"regsvr32.exe\"\n  \"\"\"\n}"
+}
diff --git a/specification/eql/search/EqlSearchRequestExample2.json b/specification/eql/search/EqlSearchRequestExample2.json
@@ -0,0 +1,7 @@
+{
+  "summary": "Returns search results for an EQL query",
+  "method_request": "GET /my-data-stream/_eql/search",
+  "description": "",
+  "type": "request",
+  "value": "{\n  \"query\": \"\"\"\n    process where (process.name == \"cmd.exe\" and process.pid != 2013)\n  \"\"\"\n}"
+}
diff --git a/specification/eql/search/EqlSearchResponseExample2.json b/specification/eql/search/EqlSearchResponseExample2.json
@@ -0,0 +1,7 @@
+{
+  "summary": "A successful response for performing search with an EQL query.",
+  "description": "",
+  "type": "response",
+  "response_code": 200,
+  "value": "{\n  \"is_partial\": false,\n  \"is_running\": false,\n  \"took\": 6,\n  \"timed_out\": false,\n  \"hits\": {\n    \"total\": {\n      \"value\": 1,\n      \"relation\": \"eq\"\n    },\n    \"sequences\": [\n      {\n        \"join_keys\": [\n          2012\n        ],\n        \"events\": [\n          {\n            \"_index\": \".ds-my-data-stream-2099.12.07-000001\",\n            \"_id\": \"AtOJ4UjUBAAx3XR5kcCM\",\n            \"_source\": {\n              \"@timestamp\": \"2099-12-06T11:04:07.000Z\",\n              \"event\": {\n                \"category\": \"file\",\n                \"id\": \"dGCHwoeS\",\n                \"sequence\": 2\n              },\n              \"file\": {\n                \"accessed\": \"2099-12-07T11:07:08.000Z\",\n                \"name\": \"cmd.exe\",\n                \"path\": \"C:\\\\Windows\\\\System32\\\\cmd.exe\",\n                \"type\": \"file\",\n                \"size\": 16384\n              },\n              \"process\": {\n                \"pid\": 2012,\n                \"name\": \"cmd.exe\",\n                \"executable\": \"C:\\\\Windows\\\\System32\\\\cmd.exe\"\n              }\n            }\n          },\n          {\n            \"_index\": \".ds-my-data-stream-2099.12.07-000001\",\n            \"_id\": \"OQmfCaduce8zoHT93o4H\",\n            \"_source\": {\n              \"@timestamp\": \"2099-12-07T11:07:09.000Z\",\n              \"event\": {\n                \"category\": \"process\",\n                \"id\": \"aR3NWVOs\",\n                \"sequence\": 4\n              },\n              \"process\": {\n                \"pid\": 2012,\n                \"name\": \"regsvr32.exe\",\n                \"command_line\": \"regsvr32.exe  /s /u /i:https://...RegSvr32.sct scrobj.dll\",\n                \"executable\": \"C:\\\\Windows\\\\System32\\\\regsvr32.exe\"\n              }\n            }\n          }\n        ]\n      }\n    ]\n  }\n}"
+}
diff --git a/specification/esql/query/EsqlQueryApiRequestExample1.json b/specification/esql/query/EsqlQueryApiRequestExample1.json
@@ -0,0 +1,7 @@
+{
+  "summary": "Returns results for an ES|QL query.",
+  "method_request": "POST /_query",
+  "description": "",
+  "type": "request",
+  "value": "{\n  \"query\": \"\"\"\n    FROM library\n    | EVAL year = DATE_TRUNC(1 YEARS, release_date)\n    | STATS MAX(page_count) BY year\n    | SORT year\n    | LIMIT 5\n  \"\"\"\n}"
+}
diff --git a/specification/features/get_features/FeaturesApiResponseExample1.json b/specification/features/get_features/FeaturesApiResponseExample1.json
@@ -0,0 +1,7 @@
+{
+  "summary": "A successful response for retrieving a list of feature states that can be included when taking a snapshot.",
+  "description": "",
+  "type": "response",
+  "response_code": 200,
+  "value": "{\n    \"features\": [\n        {\n            \"name\": \"tasks\",\n            \"description\": \"Manages task results\"\n        },\n        {\n            \"name\": \"kibana\",\n            \"description\": \"Manages Kibana configuration and reports\"\n        }\n    ]\n}"
+}
diff --git a/specification/features/reset_features/ResetFeaturesResponseExample1.json b/specification/features/reset_features/ResetFeaturesResponseExample1.json
@@ -0,0 +1,7 @@
+{
+  "summary": "A successful response for clearing state information stored in system indices by Elasticsearch features.",
+  "description": "",
+  "type": "response",
+  "response_code": 200,
+  "value": "{\n  \"features\" : [\n    {\n      \"feature_name\" : \"security\",\n      \"status\" : \"SUCCESS\"\n    },\n    {\n      \"feature_name\" : \"tasks\",\n      \"status\" : \"SUCCESS\"\n    }\n  ]\n}"
+}
