// Reset step: drop the data stream so documents left over from earlier
// runs cannot show up in the sequence results further down. When the
// stream does not exist yet this returns a 404; presumably Console just
// reports it and carries on with the next request — confirm.
DELETE /_data_stream/my-event-stream
// Index template that turns anything named my-event-stream* into a data
// stream. "template" is deliberately empty: no explicit mappings, so
// fields are mapped dynamically as documents arrive. Every document
// written to a data stream must carry an @timestamp field.
// Priority 500 makes this template win over lower-priority templates
// whose patterns also match; verify nothing else claims the same pattern
// at a higher priority.
PUT /_index_template/my-event-stream-template
{
  "priority": 500,
  "index_patterns": ["my-event-stream*"],
  "data_stream": {},
  "template": {}
}
// Hunt query: a msxsl.exe process start followed by an outbound network
// connection from that same process. The two events are joined on
// process.entity_id and process.name, so both fields must be present
// and equal on the process event and on the network event, otherwise the
// sequence never completes. EQL expects @timestamp and event.category on
// every document: the data stream supplies the former, the indexed events
// must carry the latter (event.category drives the process/network
// categories used below).
// NOTE(review): "outgoing" is not one of the ECS-documented values for
// network.direction (those are inbound/outbound/ingress/egress/...);
// keep it only if that is how the events were actually indexed.
GET /my-event-stream/_eql/search
{
  "query": """
sequence by process.entity_id, process.name
[process where
event.type in ("start", "process_started") and
process.name : "msxsl.exe"]
[network where
event.type == "connection" and
network.direction == "outgoing"
]
"""
}