From 8cac7021710c12e66cf7eaa31af3246161423096 Mon Sep 17 00:00:00 2001 From: James Rodewig Date: Wed, 15 Jul 2020 09:53:19 -0400 Subject: [PATCH] [DOCS] Note that EQL timestamp field can also be date_nanos --- docs/reference/eql/requirements.asciidoc | 2 +- docs/reference/eql/search.asciidoc | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/eql/requirements.asciidoc b/docs/reference/eql/requirements.asciidoc index 81ec9cd9fa594..d2b6135aa0c09 100644 --- a/docs/reference/eql/requirements.asciidoc +++ b/docs/reference/eql/requirements.asciidoc @@ -33,7 +33,7 @@ A field containing the event classification, such as `process`, `file`, or Timestamp:: A field containing the date and/or time the event occurred. This is typically -mapped as a <> field. +mapped as a <> or <> field. [NOTE] ==== diff --git a/docs/reference/eql/search.asciidoc b/docs/reference/eql/search.asciidoc index 75117d1bbfe67..44badf3f24c6c 100644 --- a/docs/reference/eql/search.asciidoc +++ b/docs/reference/eql/search.asciidoc @@ -409,8 +409,8 @@ GET /sec_logs/_eql/search [[eql-search-specify-event-category-field]] === Specify an event category field -The EQL search API uses `event.category` as the required -<> by default. You can use the +By default, the EQL search API uses `event.category` as the +<>. You can use the `event_category_field` parameter to specify another event category field. .*Example* @@ -435,9 +435,9 @@ GET /sec_logs/_eql/search [[eql-search-specify-timestamp-field]] === Specify a timestamp field -The EQL search API uses `@timestamp` as the required <> by default. You can use the `timestamp_field` parameter to -specify another timestamp field. +By default, EQL searches use `@timestamp` as the <>. You can use the EQL search API's `timestamp_field` parameter +to specify another timestamp field. .*Example* [%collapsible]
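Review bot: In the `requirements.asciidoc` hunk, the added line keeps the hedge "This is typically mapped as", so with two cross-referenced types now listed a reader still cannot tell whether these are the only accepted mappings or just the common ones. If a timestamp field of any other type is rejected, change "typically mapped as" to "must be mapped as". If other types do work, add a short clause saying so. Either way the Timestamp definition should state the constraint, since this is the page the search docs link back to.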
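Review bot: In the first `search.asciidoc` hunk (Specify an event category field), the rewritten sentence drops the word "required" from "the required <> by default", which changes what the sentence tells the reader and is not covered by the commit subject about `date_nanos`. Someone landing on this section no longer learns that the event category field is mandatory unless they follow the cross-reference. Either keep the word, as in "By default, the EQL search API uses `event.category` as the required ...", or mention the rewording in the commit message so the change is deliberate and reviewable.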
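Review bot: In the second `search.asciidoc` hunk (Specify a timestamp field), the new paragraph never mentions `date_nanos`, although this is the section where a user chooses a different field through `timestamp_field` and is most likely to ask which mappings are allowed. Add one sentence here stating the accepted mappings for the field named in `timestamp_field`, or make the cross-reference text say it. The wording is also inconsistent with the parallel sentence in the previous hunk: that one begins "By default, the EQL search API uses" while this one begins "By default, EQL searches use" and then names "the EQL search API's `timestamp_field` parameter". Pick one subject for both sections. As in the previous hunk, "required" has been dropped without explanation.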