Elastic Lucene vs KQL vs DSL vs EQL

Hi Team,

Can you please share when we should use the Lucene query, KQL, DSL and EQL query types? For rule creation, is it best to use the Lucene query or the KQL query?

Thank you

Hi.
KQL and Lucene query are end-user-facing syntaxes designed for fast data entry by mostly unsophisticated users. They expose a subset of the engine's matching features and, if users don't add appropriate brackets, can produce logic they didn't expect.
DSL is a more formal JSON-based syntax which can control the full range of features but is only authored by technical users.

So the answer to your question is largely dependent on who is authoring the rules.
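As an added example (not from the original thread or from Elastic), here is the bracket pitfall the reply mentions, side by side with the explicit Query DSL form. The field names, sample events and the tiny offline evaluator are all constructed for illustration and are assumptions of this example; the evaluator only understands `term` and `bool` clauses, which is enough to show that KQL's `and` binds tighter than `or`, while the DSL `bool` tree has no precedence to get wrong.

```python
"""Added example: the same rule in KQL vs. explicit Query DSL, checked offline.

Assumptions (not from the original post): the field names, the sample events
and the mini evaluator below are constructed for illustration. The evaluator
supports only `term` and `bool` (must/filter/should/must_not and
minimum_should_match), enough to show how precedence changes what matches.
"""

# Constructed sample events (not real logs).
EVENTS = [
    {"id": 1, "process.name": "cmd.exe",        "user.name": "SYSTEM"},
    {"id": 2, "process.name": "cmd.exe",        "user.name": "alice"},
    {"id": 3, "process.name": "powershell.exe", "user.name": "SYSTEM"},
    {"id": 4, "process.name": "powershell.exe", "user.name": "bob"},
    {"id": 5, "process.name": "notepad.exe",    "user.name": "SYSTEM"},
]

# What the analyst means: (cmd.exe OR powershell.exe) AND run as SYSTEM.
KQL_INTENDED = 'process.name:("cmd.exe" or "powershell.exe") and user.name:"SYSTEM"'

# What often gets typed. In KQL `and` has higher precedence than `or`, so this
# parses as: cmd.exe OR (powershell.exe AND SYSTEM).
KQL_UNBRACKETED = (
    'process.name:"cmd.exe" or process.name:"powershell.exe" and user.name:"SYSTEM"'
)


def term(field, value):
    return {"term": {field: value}}


def bool_q(must=(), should=(), must_not=(), minimum_should_match=None):
    """Build a `bool` query; the nesting itself fixes the grouping."""
    q = {}
    if must:
        q["must"] = list(must)
    if should:
        q["should"] = list(should)
    if must_not:
        q["must_not"] = list(must_not)
    if minimum_should_match is not None:
        q["minimum_should_match"] = minimum_should_match
    return {"bool": q}


# DSL for the intended logic: an inner bool does the job of the brackets.
DSL_INTENDED = bool_q(
    must=[
        bool_q(
            should=[term("process.name", "cmd.exe"),
                    term("process.name", "powershell.exe")],
            minimum_should_match=1,
        ),
        term("user.name", "SYSTEM"),
    ]
)

# DSL equivalent of the unbracketed KQL, i.e. what the engine actually runs.
DSL_UNBRACKETED = bool_q(
    should=[
        term("process.name", "cmd.exe"),
        bool_q(must=[term("process.name", "powershell.exe"),
                     term("user.name", "SYSTEM")]),
    ],
    minimum_should_match=1,
)


def matches(query, doc):
    """Evaluate a term/bool query against one flat event dict."""
    if "term" in query:
        (field, value), = query["term"].items()
        return doc.get(field) == value
    if "bool" in query:
        b = query["bool"]
        if any(not matches(q, doc) for q in b.get("must", []) + b.get("filter", [])):
            return False
        if any(matches(q, doc) for q in b.get("must_not", [])):
            return False
        should = b.get("should", [])
        if should:
            # Elasticsearch default: 1 when there is no must/filter, else 0.
            has_required = bool(b.get("must") or b.get("filter"))
            msm = b.get("minimum_should_match", 0 if has_required else 1)
            if sum(matches(q, doc) for q in should) < msm:
                return False
        return True
    raise ValueError(f"unsupported clause: {list(query)}")


def search(query, events=EVENTS):
    """Return the ids of events the query matches, in input order."""
    return [e["id"] for e in events if matches(query, e)]


if __name__ == "__main__":
    print("intended   :", KQL_INTENDED, "->", search(DSL_INTENDED))
    print("unbracketed:", KQL_UNBRACKETED, "->", search(DSL_UNBRACKETED))
```

With the constructed events, the intended rule hits events 1 and 3 only, while the unbracketed form also returns event 2 (cmd.exe run by a normal user), because the `and` only attached to the powershell.exe branch. Writing the rule as a nested `bool` makes the grouping explicit and reviewable, which is the practical reason to prefer DSL for rules that technical users maintain.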
