Does watcher support EQL or KQL or eSQL?

Does Watcher support EQL or SQL-type syntax? It is too complex to understand the DSL if someone else has written it in Watcher, and it recurses on and on :frowning: in DSL.

If Watcher doesn't support a simplified language, what is the strategy for running searches in a scheduled manner in ELK? Will this be Watcher or some other method? I can see that the new SIEM modules have EQL-formatted searches; I'm just checking whether that kind of functionality is available for Watcher.

That is not a Logstash question. Try moving it to the Elasticsearch forum instead of here.