From 99b5a469e26b46a278750a682ca6b92911bad744 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 11 Sep 2023 14:48:40 -0400 Subject: [PATCH] [API docs] Expands on docs for finding exception containers (#3456) Co-authored-by: Joe Peeples (cherry picked from commit 71e018d07290317140da1656ca895adfceb99cb1) --- .../api-find-exception-containers.asciidoc | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc index a0b6e8dfd5..da709a6805 100644 --- a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc +++ b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc @@ -34,15 +34,22 @@ See {ref}/search-request-body.html#request-body-search-search-after[Search After associated with a {kib} space or available in all spaces (`agnostic` or `single`). -|`filter` |String a|Filters the returned results according to the value of the -specified field, using the `:` syntax, where -`` can be: +|`filter` |String a|Filters the returned results according to the value of the specified field. + +Uses the `so type.field name:field value` syntax, where `so type` can be: + +* `exception-list`: Specify a space-aware exception list. +* `exception-list-agnostic`: Specify an exception list that is shared across spaces. + +And `field name` can be: * `name` * `type` * `created_by` * `updated_by` +|`search` |String a|Filters the returned results according to the {ref}/query-dsl-simple-query-string-query.html#simple-query-string-syntax[simple query] filter. + |============================================== ===== Example request