_Released 2019-07-24_
Added
* Badges to README (PyPi, Twitter, ReadTheDocs, Gitter)
* Multiple values within `arrayContains()` function
* `arrayCount` function for counting the number of matches in an array
* Interactive shell with tables
* Validation system that matches types across schema and comparisons
* `SignatureMixin` class used to validate input and output arguments to functions, and pipes
* Better error messages with multiple carets
* Base class for all EQL errors
* Test data, queries, and the expected output for unit tests
* Signature base class
* Helper `Walker` classes with better methods and context for AST traversal
* `ParserConfig` class with context manager that toggles thread-specific parser settings
* Additional imports to the root `eql` module
* Autogenerated parser with `make parser` included in python module
* `is_stateful` function to `eql.utils` to determine if a parsed query is stateful
* `match_kv` function to `eql.utils` to autogenerate an AST from a dictionary of fields -> value(s)
Changed
* Rearranged imports, `eql.engines.native` is now `eql.engine`
* Using walker methods instead of NodeMethods to integrate with engine
* Moved function call evaluation to custom classes in `eql.functions`
* Moved highlighter from sphinx document generation to `eql.highlighters`
* Moved PipeCommand subclasses to `eql.pipes`
* Exception class names to all have **Eql** prefix
* Moved unit tests to `eql.tests` module and rearranged test
* Implementation of `by` for sequences, joins and pipes to perform case-insensitive checks
Fixed
* Bug where wildcards were only matched on the first line of text in a field
Removed
* Default EQL schema. Now accepts all input and event types by default