Run an ES|QL query
Get search results for an ES|QL (Elasticsearch query language) query.
Query parameters
-
format string
A short version of the Accept header, e.g. json, yaml.
Values are csv, json, tsv, txt, yaml, cbor, smile, or arrow.
-
delimiter string
The character to use between values within a CSV row. Only valid for the CSV format.
-
drop_null_columns boolean
Should columns that are entirely null be removed from the columns and values portion of the results? Defaults to false. If true then the response will include an extra section under the name all_columns which has the name of all columns.
Body Required
-
columnar boolean
By default, ES|QL returns results as rows. For example, FROM returns each individual document as one row. For the JSON, YAML, CBOR and smile formats, ES|QL can return the results in a columnar fashion where one row represents all the values of a certain column in the results.
-
filter object
Additional properties are allowed.
-
locale string
-
params array[number | string | boolean | null | object]
To guard against code injection, pass the values in a separate list of parameters instead of embedding them in the query string. Use a question mark placeholder (?) in the query string for each of the parameters.
A field value.
One of: Additional properties are allowed.
-
profile boolean
If provided and true the response will include an extra profile object with information on how the query was executed. This information is for human debugging and its format can change at any time but it can give some insight into the performance of each part of the query.
-
The ES|QL query API accepts an ES|QL query string in the query parameter, runs it, and returns the results.
-
tables object
Tables to use with the LOOKUP operation. The top level key is the table name and the next level key is the column name.
curl \
-X POST http://api.example.com/_query \
-H "Content-Type: application/json" \
-d '{"query": "FROM library | EVAL year = DATE_TRUNC(1 YEARS, release_date) | STATS MAX(page_count) BY year | SORT year | LIMIT 5"}'
{
"query": """
FROM library
| EVAL year = DATE_TRUNC(1 YEARS, release_date)
| STATS MAX(page_count) BY year
| SORT year
| LIMIT 5
"""
}
{}
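The params field described above, shown as an added example that is not part of the original documentation: it builds a request body with the value passed through params and a ? placeholder, next to the concatenated form the field is meant to replace. The author field, the function names and the sample value are assumptions made for illustration.

```python
import json

# Hypothetical query template; the `author` field is an assumption.
QUERY = "FROM library | WHERE author == ? | SORT page_count | LIMIT 5"

# Value types the page lists for params: number, string, boolean, null, object.
ALLOWED = (str, int, float, bool, type(None), dict)


def build_request(query, params):
    """Return the JSON body for POST /_query with values kept out of the query text."""
    # Naive count: assumes the template has no literal "?" inside a string.
    if query.count("?") != len(params):
        raise ValueError("placeholder count does not match params")
    for p in params:
        if not isinstance(p, ALLOWED):
            raise TypeError(f"unsupported param type: {type(p).__name__}")
    return json.dumps({"query": query, "params": list(params)})


def build_request_concat(author):
    """Injection-prone form: the value becomes part of the query text."""
    query = f'FROM library | WHERE author == "{author}" | SORT page_count | LIMIT 5'
    return json.dumps({"query": query})


# Constructed input containing a double quote and a pipe.
SAMPLE = 'x" | LIMIT 1000 //'

if __name__ == "__main__":
    # Parameterized: the query text is constant, the value travels as data.
    print(build_request(QUERY, [SAMPLE]))
    # Concatenated: the quote closes the literal and the rest parses as ES|QL.
    print(build_request_concat(SAMPLE))
```

With the parameterized body the query string is identical for every input, so it can be reviewed or allow-listed once.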