
Remove _type from docs

pwnbus committed May 2, 2019
1 parent 44b30dc commit 036ad5b6c12f09d69cc837607c78d8c897e961b5
Showing with 6 additions and 10 deletions.
  1. +1 −1 docs/source/mozdef_util/match_query_classes.rst
  2. +5 −9 docs/source/mozdef_util/search.rst
@@ -80,7 +80,7 @@ Used to apply specific "matchers" to a query. This will unlikely be used outside
ExistsMatch('details.ip')
]
must_not = [
TermMatch('_type', 'alert')
TermMatch('type', 'alert')
]
BooleanMatch(must=must, should=[], must_not=must_not)
@@ -50,8 +50,7 @@ Example simple result:
'category': 'excategory',
'summary': 'Test Summary',
'type': 'event'
},
'_type': 'doc'
}
}
],
'meta': {'timed_out': False}
@@ -68,7 +67,7 @@ Aggregate search
search_query = SearchQuery(hours=24)
search_query.add_must(TermMatch('category', 'brointel'))
search_query.add_aggregation(Aggregation('type'))
search_query.add_aggregation(Aggregation('source'))
results = search_query.execute(es_client)
AggregatedResults
@@ -119,8 +118,7 @@ When you perform an aggregated search (Ex: give me a count of all different ip a
'ip': '1.2.3.4',
'summary': 'Test Summary',
'type': 'event'
},
'_type': 'doc'
}
},
{
'_id': u'F1dLS66DR_W3v7ZWlX4Jwg',
@@ -133,8 +131,7 @@ When you perform an aggregated search (Ex: give me a count of all different ip a
'ip': '1.2.3.4',
'summary': 'Test Summary',
'type': 'event'
},
'_type': 'doc'
}
},
{
'_id': u'G1nGdxqoT6eXkL5KIjLecA',
@@ -147,8 +144,7 @@ When you perform an aggregated search (Ex: give me a count of all different ip a
'ip': '127.0.0.1',
'summary': 'Test Summary',
'type': 'event'
},
'_type': 'doc'
}
}
],
'meta': {
