[Request][8.14] improved ES|QL investigation (highlighted) fields - Githubissues

elastic / security-docs

Home for Elastic Security Documentation

60 stars 170 forks source link

[Request][8.14] improved ES|QL investigation (highlighted) fields #5182

Closed nastasha-solomon closed 1 week ago

nastasha-solomon commented 3 weeks ago

Contributes to https://github.com/elastic/security-docs/issues/5054

Preview: Made several updates to the Create an ES|QL rule section:

Updated the explanations for the fields that are returned by aggregating and non-aggregating queries.
Added definitions and examples of new fields that can be created for either query type.
Updated the limitations section so it no longer shows that new fields can't be added to a rule's custom highlighted fields.
Created a new, short section about adding new fields to a rule's custom highlighted fields.

Twin Serverless PR: https://github.com/elastic/staging-serverless-security-docs/pull/349

github-actions[bot] commented 3 weeks ago

A documentation preview will be available soon.

🔨 Buildkite builds
📚 HTML diff
📙 Preview page

Request a new doc build by commenting

* Rebuild this PR: `run docs-build` * Rebuild this PR and all Elastic docs: `run docs-build rebuild` _{`run docs-build` is much faster than `run docs-build rebuild`. A `rebuild` should only be needed in rare situations.} _{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status [here](https://buildkite.com/elastic/docs-build).}