Skip to content

[DOCS] EQL: Remove support for single quote strings #62479

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 17, 2020
Merged

[DOCS] EQL: Remove support for single quote strings #62479

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 21 additions & 6 deletions docs/reference/eql/syntax.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -250,14 +250,15 @@ process where ( 4.0 / process.args_count ) == 1
[[eql-syntax-strings]]
==== Strings

Strings are enclosed with double quotes (`"`) or single quotes (`'`).
Strings are enclosed with double quotes (`"`).

[source,eql]
----
"hello world"
"hello world with 'substring'"
----

Strings enclosed in single quotes (`'`) are not supported.

[discrete]
[[eql-syntax-wildcards]]
===== Wildcards
Expand Down Expand Up @@ -315,10 +316,13 @@ double quote (`"`), must be escaped with a preceding backslash (`\`).
|`\t` | A tab character
|`\\` | A backslash (`\`) character
|`\"` | A double quote (`"`) character
|`\'` | A single quote (`'`) character
|====
====

IMPORTANT: The single quote (`'`) character is reserved for future use. You
cannot use an escaped single quote (`\'`) for literal strings. Use an escaped
double quote (`\"`) instead.

[discrete]
[[eql-syntax-raw-strings]]
===== Raw strings
Expand All @@ -328,11 +332,11 @@ literal characters.

[source,eql]
----
?"String with a literal 'blackslash' \ character included"
?"String with a literal blackslash \ character included"
----

You can escape single quotes (`'`) and double quotes (`"`) with a backslash, but
the backslash remains in the resulting string.
You can escape double quotes (`"`) with a backslash, but the backslash remains
in the resulting string.

[source,eql]
----
Expand Down Expand Up @@ -670,6 +674,17 @@ You cannot use EQL to search the values of a <<nested,`nested`>> field or the
sub-fields of a `nested` field. However, data streams and indices containing
`nested` field mappings are otherwise supported.

[discrete]
[[single-quote-strings]]
==== Single quote strings

In {es} EQL, the single quote (`'`) character is reserved for future use.
Strings enclosed in single quotes are not supported. Enclose strings in
double quotes (`"`) instead.

You cannot use an escaped single quote (`\'`) for literal strings. Use an
escaped double quote (`\"`) instead.

[discrete]
[[eql-unsupported-syntax]]
==== Unsupported syntax
Expand Down