Using ES|QL in Elastic Security
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
You can use ES|QL in Elastic Security to investigate events in Timeline and create detection rules. Use the Elastic AI Assistant to build ES|QL queries, or to answer questions about the ES|QL query language.
Use ES|QL to investigate events in Timeline
You can use ES|QL in Timeline to filter, transform, and analyze event data stored in Elasticsearch. To start using ES|QL, open the ES|QL tab. To learn more, refer to Investigate events in Timeline.
Use ES|QL to create detection rules
Use the ES|QL rule type to create detection rules using ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries. To learn more, refer to Create an ES|QL rule.
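As an added illustration (not from the Elastic documentation itself), the two query shapes the ES|QL rule type accepts: a non-aggregating query, where every matching event becomes an alert, and an aggregating query, where one alert is produced per group. The index patterns, field names, and thresholds are constructed for the example and assume ECS-style data; the METADATA clause on the non-aggregating query is an assumption based on how Elastic Security de-duplicates alerts against source documents.

```esql
// Non-aggregating rule query (constructed example).
// Each row returned is turned into its own alert, so the rule needs the
// source document identity: METADATA _id, _index, _version (assumed requirement).
FROM logs-endpoint.events.process-* METADATA _id, _index, _version
| WHERE event.category == "process"
    AND event.type == "start"
    AND process.name IN ("powershell.exe", "pwsh.exe")
    AND process.command_line LIKE "*-EncodedCommand*"
| KEEP @timestamp, host.name, user.name, process.parent.name, process.command_line

// Aggregating rule query (constructed example).
// STATS collapses events into groups; one alert is produced per group that
// survives the final WHERE, so no METADATA clause is needed here.
FROM logs-*
| WHERE event.category == "authentication"
    AND event.outcome == "failure"
| STATS failures = COUNT(*),
        distinct_users = COUNT_DISTINCT(user.name)
    BY source.ip
| WHERE failures >= 20 AND distinct_users >= 5
| SORT failures DESC
```

Because an aggregating query drops the per-event fields, keep in the STATS output whatever an analyst will need to pivot back to the raw events (here the grouping key `source.ip`).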
Elastic AI Assistant
Use the Elastic AI Assistant to build ES|QL queries, or to answer questions about the ES|QL query language. To learn more, refer to AI Assistant.