Skip to content

[DOCS] EQL: Add search/index speed tip for functions #54346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 1, 2020
Merged

[DOCS] EQL: Add search/index speed tip for functions #54346

merged 1 commit into from
Apr 1, 2020

Conversation

@jrodewig
Copy link
Contributor

@jrodewig jrodewig commented Mar 27, 2020

EQL functions are an easy way for users to transform indexed data
at search time. However, using multiple functions can make
queries difficult to write and slows search speeds.

Users can circumvent this by indexing fields containing the transformed
data, but that usually slows index speeds.

This adds a related tip and example covering these tradeoffs.

Depends on #53855

@jrodewig
[DOCS] EQL: Add search/index speed tip for functions
b57a9a4 
EQL functions are an easy way for users to transform indexed data
at search time. However, using multiple functions can make
queries difficult to write and slows search speeds.

Users can circumvent this by indexing fields containing the transformed
data, but that usually slows index speeds.

This adds a related tip and example covering these tradeoffs.
@jrodewig jrodewig added >docs General docs changes :Analytics/EQL EQL querying labels Mar 27, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 27, 2020

Pinging @elastic/es-docs (>docs)

@elasticmachine
Copy link
Collaborator

elasticmachine commented Mar 27, 2020

Pinging @elastic/es-ql (:Query Languages/EQL)

@jrodewig jrodewig marked this pull request as ready for review March 31, 2020 17:11
@jrodewig jrodewig requested review from astefan and costin March 31, 2020 17:11
astefan
astefan approved these changes Apr 1, 2020
View reviewed changes
Copy link
Contributor

@astefan astefan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jrodewig jrodewig merged commit 658a331 into elastic:master Apr 1, 2020
@jrodewig jrodewig deleted the docs__add-fn-speed-tip branch April 1, 2020 12:21
@jrodewig
Copy link
Contributor Author

jrodewig commented Apr 1, 2020

Thanks @astefan!

@jrodewig jrodewig mentioned this pull request Apr 1, 2020
Merged
jrodewig added a commit that referenced this pull request Apr 1, 2020
@jrodewig
[DOCS] EQL: Add search/index speed tip for functions (#54346) (#54575)
92d570d 
EQL functions are an easy way for users to transform indexed data
at search time. However, using multiple functions can make
queries difficult to write and slows search speeds.

Users can circumvent this by indexing fields containing the transformed
data, but that usually slows index speeds.

This adds a related tip and example covering these tradeoffs.
@jrodewig
Copy link
Contributor Author

jrodewig commented Apr 1, 2020

Backport commits

master 658a331
7.x 92d570d

@jrodewig jrodewig mentioned this pull request Apr 2, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@astefan astefan astefan approved these changes

@costin costin Awaiting requested review from costin

Assignees

No one assigned

Labels

:Analytics/EQL EQL querying >docs General docs changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jrodewig @elasticmachine @astefan