ES|QL
The Elasticsearch Query Language (ES|QL) provides a powerful way to filter, transform, and analyze data stored in Elasticsearch, and in the future in other runtimes. It is designed to be easy to learn and use by end users, SRE teams, application developers, and administrators.
Users can author ES|QL queries to find specific events, perform statistical analysis, and generate visualizations. It supports a wide range of commands and functions that enable users to perform various data operations, such as filtering, aggregation, time-series analysis, and more.
The Elasticsearch Query Language (ES|QL) makes use of "pipes" (|) to manipulate and transform data in a step-by-step fashion. This approach allows users to compose a series of operations, where the output of one operation becomes the input for the next, enabling complex data transformations and analysis.
Documentation organization
The ES|QL documentation is organized in these sections:
- Getting started: A tutorial to help you get started with ES|QL.
- ES|QL reference: Reference documentation for the ES|QL syntax:
  - Reference for commands, and functions and operators
  - How to work with metadata fields and multivalued fields
  - How to work with DISSECT and GROK, ENRICH, and LOOKUP join
- Using ES|QL: An overview of:
- Limitations: The current limitations of ES|QL.
- Examples: A few examples of what you can do with ES|QL.