Commit

Modifies description of
natasha-moore-elastic committed Sep 27, 2023
1 parent 007543c commit a0f021c
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions docs/detections/api/rules/rules-api-create.asciidoc
Expand Up @@ -255,7 +255,7 @@ uses both `and` and `or` logic.
|==============================================
|Name |Type |Description

|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1–3 field names.
|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1 field name.

|history_window_start |String |Start date to use when checking if a term has been seen before.
Supports relative dates – for example, `now-30d` will search the last 30 days of data when checking if a term
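Review bot: The `new_terms_fields` row's "Must contain 1 field name" does not say whether a longer array is rejected, and the type shown is still `String[]`. Suggest "Must contain exactly one field name", and since the other version of this row in the hunk reads "1–3 field names", add a short note on where each limit applies so readers with multi-field rules can tell whether their requests will fail validation.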
Expand Down Expand Up @@ -833,7 +833,7 @@ POST api/detection_engine/rules
"type": "new_terms",
"language": "kuery",
"query": "*",
"new_terms_fields": ["user.id", "source.ip"],
"new_terms_fields": ["user.id"],
"history_window_start": "now-30d",
"index": ["auditbeat*"]
}
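Review bot: Check that the example rule's `name` and `description`, which lie outside this hunk, still match a rule keyed on `user.id` alone. With `"new_terms_fields": ["user.id"]` the sample alerts on a user ID not seen in the `now-30d` window, whereas the `["user.id", "source.ip"]` version shown beside it alerts on a new combination of user ID and source IP, so any surrounding text that mentions the source IP would now be misleading.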
Expand Down Expand Up @@ -1196,7 +1196,7 @@ Example response for a new terms rule:
],
"query": "*",
"language": "kuery",
"new_terms_fields": ["user.id", "source.ip"],
"new_terms_fields": ["user.id"],
"history_window_start": "now-30d",
"related_integrations": [], <1>
"required_fields": [], <1>
2 changes: 1 addition & 1 deletion docs/detections/api/rules/rules-api-update.asciidoc
Expand Up @@ -173,7 +173,7 @@ uses both `and` and `or` logic.
|==============================================
|Name |Type |Description

|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1–3 field names.
|new_terms_fields |String[] |Fields to monitor for new values. Must contain 1 field name.

|history_window_start |String |Start date to use when checking if a term has been seen before.
Supports relative dates – for example, `now-30d` will search the last 30 days of data when checking if a term
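Review bot: Any new terms example in rules-api-update.asciidoc that lists more than one value in `new_terms_fields` would now contradict this table row, because only the row is touched in this file (1 addition, 1 deletion) while rules-api-create.asciidoc had its request and response examples changed as well. Worth searching this file for `new_terms_fields` and updating any such example in the same commit.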