
Event Query Language (EQL) for Opensearch

Open saeed-mcu opened this issue 1 year ago • 3 comments

Event Query Language (EQL) is a query language for event-based time series data, such as logs, metrics, and traces. Is there any way I can use EQL in OpenSearch for searching logs?

Something like EQL search in Elasticsearch. It is very useful for security analytics and correlation rules.

saeed-mcu avatar Nov 10 '23 14:11 saeed-mcu

@opensearch-project/plugins , can you transfer the issue to core for further discussion

praveensameneni avatar Apr 03 '24 07:04 praveensameneni

Can someone from @opensearch-project/sql team add your comments?

bbarani avatar Apr 03 '24 17:04 bbarani

[Triage - attendees] @saeed-mcu Thanks for filing. We do not support Event Query Language today. However, have you looked at the features offered by the https://github.com/opensearch-project/security-analytics plugin? Also the https://github.com/opensearch-project/sql plugin offers additional query options that may be useful here as well.

andrross avatar May 08 '24 16:05 andrross
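The correlation the original poster is after is the kind of thing EQL expresses with a `sequence by <field> with maxspan=<window>` query: several event predicates that must match in order, on the same entity, within a time window. Since OpenSearch does not offer that natively, the following is an added example (not from this thread, and not from the security-analytics or sql plugins) of a small client-side sequence matcher in Python that applies those semantics to events already retrieved from an index. The `Event` dataclass, the field names (`ts`, `host`, `category`, `fields`) and the sample events are all constructed for the example; the matcher is a simplified model of EQL sequences (it does not reproduce every rule of the real EQL engine, such as its handling of overlapping matches).

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed event shape standing in for documents pulled back from an
# OpenSearch query; a real caller would map index fields onto these attributes.
@dataclass(frozen=True)
class Event:
    ts: float                # event time as epoch seconds
    host: str                # entity the sequence is joined on ("sequence by host")
    category: str            # e.g. "process" or "network"
    fields: Dict[str, str] = field(default_factory=dict)


Predicate = Callable[[Event], bool]


def match_sequence(events: List[Event], steps: List[Predicate],
                   by: str = "host", maxspan: float = 60.0) -> List[Tuple[Event, ...]]:
    """Return every ordered run of events, all sharing the same `by` value,
    where step i matches steps[i] and the last event falls within `maxspan`
    seconds of the first. Mirrors the shape of an EQL
    `sequence by <by> with maxspan=<maxspan>s [step0] [step1] ...` query."""
    ordered = sorted(events, key=lambda e: e.ts)
    # Partial sequences per join key: each entry is the list of events matched so far.
    partials: Dict[str, List[List[Event]]] = {}
    results: List[Tuple[Event, ...]] = []

    for ev in ordered:
        key = getattr(ev, by)
        # Drop partial sequences whose window has already closed.
        live = [s for s in partials.get(key, []) if ev.ts - s[0].ts <= maxspan]
        advanced: List[List[Event]] = []
        for seq in live:
            if steps[len(seq)](ev):
                extended = seq + [ev]
                if len(extended) == len(steps):
                    results.append(tuple(extended))   # sequence complete
                else:
                    advanced.append(extended)
            else:
                advanced.append(seq)                  # keep waiting for the next step
        # The same event may also open a brand-new partial sequence.
        if steps[0](ev):
            if len(steps) == 1:
                results.append((ev,))
            else:
                advanced.append([ev])
        partials[key] = advanced
    return results


# Constructed sample data: three hosts, only host-a shows the full pattern
# (a PowerShell process start followed by an outbound connection within 60 s).
SAMPLE_EVENTS = [
    Event(10.0, "host-a", "process", {"name": "powershell.exe"}),
    Event(25.0, "host-a", "network", {"dest_port": "443"}),
    Event(0.0, "host-b", "process", {"name": "powershell.exe"}),
    Event(200.0, "host-b", "network", {"dest_port": "443"}),   # outside maxspan
    Event(5.0, "host-c", "network", {"dest_port": "443"}),     # wrong order
    Event(7.0, "host-c", "process", {"name": "powershell.exe"}),
]

# Sequence steps, equivalent in spirit to:
#   sequence by host with maxspan=60s
#     [process where name == "powershell.exe"]
#     [network where true]
POWERSHELL_THEN_NETWORK: List[Predicate] = [
    lambda e: e.category == "process" and e.fields.get("name") == "powershell.exe",
    lambda e: e.category == "network",
]


def find_powershell_beacons() -> List[Tuple[Event, ...]]:
    """Run the constructed detection over the constructed sample events."""
    return match_sequence(SAMPLE_EVENTS, POWERSHELL_THEN_NETWORK, by="host", maxspan=60.0)


if __name__ == "__main__":
    for seq in find_powershell_beacons():
        print(seq[0].host, [(e.ts, e.category) for e in seq])
```

The matcher is deliberately streaming-friendly: events are consumed in time order and only per-host partial sequences are kept, so it can be run over a paged scroll of query hits without holding the whole result set. Expiring partials by `maxspan` before each event is what keeps host-b from matching, and checking step order is what keeps host-c from matching.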