Skip to content

[DOCS] EQL: Document size limit for pipes #59085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 8, 2020
Merged

[DOCS] EQL: Document size limit for pipes #59085

merged 6 commits into from
Jul 8, 2020

Conversation

@jrodewig
Copy link
Contributor

@jrodewig jrodewig commented Jul 6, 2020
edited
Loading

Changes:

  • Documents the size default as 10.
  • Updates size param def to note its relation to pipes.
  • Updates the head and tail pipe docs to modify sequences.
  • Documents the fetch_size parameter.

Relates to #59014 and #59063

@jrodewig
[DOCS] EQL: Document size limit for pipes
c8e2a99 
Changes:
* Documents the `size` default as `10`.
* Updates the `head` and `tail` pipe docs to note their relation to the
  `size` param and better align examples with the new default.
@jrodewig jrodewig added :Analytics/EQL EQL querying >docs General docs changes v8.0.0 and removed v8.0.0 labels Jul 6, 2020
@jrodewig jrodewig marked this pull request as ready for review July 6, 2020 16:11
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 6, 2020

Pinging @elastic/es-ql (:Query Languages/EQL)

@elasticmachine elasticmachine added the Team:QL (Deprecated) Meta label for query languages team label Jul 6, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 6, 2020

Pinging @elastic/es-docs (>docs)

@elasticmachine elasticmachine added the Team:Docs Meta label for docs team label Jul 6, 2020
@jrodewig jrodewig requested review from astefan and costin July 6, 2020 16:11
@jrodewig jrodewig mentioned this pull request Jul 6, 2020
Merged
@jrodewig jrodewig removed request for astefan and costin July 6, 2020 17:02
@jrodewig jrodewig marked this pull request as draft July 6, 2020 17:02
@jrodewig
Copy link
Contributor Author

jrodewig commented Jul 6, 2020

Converting this to a draft so I can include changes from #59063

@rw-access
Copy link
Contributor

rw-access commented Jul 6, 2020

@costin quick question on the default size. How should we make EQL in Elasticsearch and Python consistent? The python default when unspecified has been 50. Should that existing behavior be changed to default instead to 10? Or should this be changed to match the existing default of 50?

costin
costin reviewed Jul 7, 2020
View reviewed changes
docs/reference/eql/eql-search-api.asciidoc
Common Schema (ECS)]. If an index does not contain the `event.category` field,
this value is required.

`fetch_size`::
Copy link
Member

@costin costin Jul 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, this value has to be larger than 2. Note sure though whether it makes sense mentioning this.

Copy link
Member

@costin costin Jul 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add that this value cannot be higher index_max_result_window (one can try but will end up with an exception from ES).

@costin
Copy link
Member

costin commented Jul 7, 2020

@costin quick question on the default size. How should we make EQL in Elasticsearch and Python consistent? The python default when unspecified has been 50. Should that existing behavior be changed to default instead to 10? Or should this be changed to match the existing default of 50?

Let's discuss this in our weekly meeting. In Elasticsearch, one would be able specify the default size (#58646) and default ordering.

Value 10 was used since this is the default for Elasticsearch document search.

Should that existing behavior be changed to default instead to 10?

That would be my preference in order to make things consistently across different Elasticsearch products.

@jrodewig jrodewig marked this pull request as ready for review July 7, 2020 17:51
@jrodewig jrodewig requested review from astefan and costin July 7, 2020 17:51
costin
costin reviewed Jul 7, 2020
View reviewed changes
Copy link
Member

@costin costin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jrodewig jrodewig merged commit 52bfe9e into elastic:master Jul 8, 2020
@jrodewig jrodewig deleted the docs__eql-size-changes branch July 8, 2020 15:52
@jrodewig jrodewig mentioned this pull request Jul 8, 2020
Merged
jrodewig added a commit that referenced this pull request Jul 8, 2020
@jrodewig
[DOCS] EQL: Document size limit for pipes (#59085) (#59236)
93a5eb0 
Changes:
* Documents the `size` default as `10`.
* Updates `size` param def to note its relation to pipes.
* Updates the `head` and `tail` pipe docs to modify sequences.
* Documents the `fetch_size` parameter.

Relates to #59014 and #59063
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@costin costin costin approved these changes

@astefan astefan Awaiting requested review from astefan

Assignees

No one assigned

Labels

:Analytics/EQL EQL querying >docs General docs changes Team:Docs Meta label for docs team Team:QL (Deprecated) Meta label for query languages team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jrodewig @elasticmachine @rw-access @costin