From 1d53fefa6ab7cca393db7e10770f8409c8932837 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Wed, 10 Jan 2024 16:28:14 -0500 Subject: [PATCH] [8.11] [Request] [8.11.4 & 8.12][ESS] Document feature flag for the ES|QL Timeline tab (backport #4552) (#4590) * First draft * Small edit * Small edits * Update docs/events/timeline-ui-overview.asciidoc * Update docs/events/timeline-ui-overview.asciidoc * Update docs/events/timeline-ui-overview.asciidoc (cherry picked from commit 10b4fbab425f1705bd3c3b25ae84327e7e3126e3) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/events/timeline-ui-overview.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/events/timeline-ui-overview.asciidoc b/docs/events/timeline-ui-overview.asciidoc index 3acf3fc745..8a21211cf1 100644 --- a/docs/events/timeline-ui-overview.asciidoc +++ b/docs/events/timeline-ui-overview.asciidoc 
@@ -185,6 +185,8 @@ From the *Correlation* tab, you can also do the following: preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."] +NOTE: The {esql} tab is available by default. Since it's in technical preview, you can remove it by editing your {cloud}/ec-manage-kibana-settings.html#ec-manage-kibana-settings[{kib} user settings] and adding the `xpack.securitySolution.enableExperimental: ["timelineEsqlTabDisabled"]` feature flag. + The {ref}/esql.html[Elasticsearch Query Language ({esql})] provides a powerful way to filter, transform, and analyze event data stored in {es}. {esql} queries use "pipes" to manipulate and transform data in a step-by-step fashion. This approach allows you to compose a series of operations, where the output of one operation becomes the input for the next, enabling complex data transformations and analysis. You can use {esql} in Timeline by opening the **{esql}** tab. From there, you can:
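Review bot: In the added NOTE, "Since it's in technical preview, you can remove it" presents the flag as optional, yet the preview admonition directly above says not to use {esql} on production environments and the NOTE itself says the tab is available by default. Consider stating plainly that production deployments should add `timelineEsqlTabDisabled`. The example shows `xpack.securitySolution.enableExperimental` as an array holding only this one value, so a sentence telling readers to append it to the existing list when the setting is already present would prevent them from overwriting other entries or adding a duplicate key. The link points only to the {cloud} {kib} user settings page, so the text does not say where the setting goes for deployments that are not managed there. If the flag is meant to be ESS-only, as the subject line suggests, say so in the NOTE.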