Skip to content

[8.14] [Request][8.14] improved ES|QL investigation (highlighted) fields (backport #5182) #5235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 20, 2024
Merged

[8.14] [Request][8.14] improved ES|QL investigation (highlighted) fields (backport #5182) #5235

merged 3 commits into from
May 20, 2024

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented May 20, 2024

Contributes to #5054

Preview:
Made several updates to the Create an ES|QL rule section:

  • Updated the explanations for the fields that are returned by aggregating and non-aggregating queries.
  • Added definitions and examples of new fields that can be created for either query type.
  • Updated the limitations section so it no longer shows that new fields can't be added to a rule's custom highlighted fields.
  • Created a new, short section about adding new fields to a rule's custom highlighted fields.

Twin Serverless PR: https://github.com/elastic/staging-serverless-security-docs/pull/349

This is an automatic backport of pull request #5182 done by Mergify.

@nastasha-solomon @benironside @mergify
[Request][8.14] improved ES|QL investigation (highlighted) fields (#5182
e6fb869 
)

* First draft

* Additional information

* Small edits

* Part of Vitalii's feedback

* Re-orged info

* Re-adding into sen

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Draft of Vitalii's input

* Update docs/detections/rules-ui-create.asciidoc

* Expanding definition for new fields

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

* Update docs/detections/rules-ui-create.asciidoc

---------

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 9bb14b7)
@mergify mergify bot added the backport label May 20, 2024
@mergify mergify bot requested a review from a team as a code owner May 20, 2024 18:20
@github-actions
Copy link

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@nastasha-solomon nastasha-solomon merged commit f50bd40 into 8.14 May 20, 2024
@nastasha-solomon nastasha-solomon deleted the mergify/bp/8.14/pr-5182 branch May 20, 2024 21:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nastasha-solomon nastasha-solomon nastasha-solomon approved these changes

Assignees

@nastasha-solomon nastasha-solomon

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nastasha-solomon