Search and analyze data

You can use Elasticsearch as a basic document store to retrieve documents and their metadata. However, the real power of Elasticsearch comes from its advanced search and analytics capabilities.

You’ll use a combination of an API endpoint and a query language to interact with your data.

Use REST APIs to manage your Elasticsearch cluster, and to index and search your data. For testing purposes, you can submit requests directly from the command line or through the Dev Tools Console in Kibana. From your applications, you can use a client in your programming language of choice.

Refer to first steps with Elasticsearch for a hands-on example of using the _search endpoint, adding data to Elasticsearch, and running basic searches in Query DSL syntax.

Elasticsearch provides a number of query languages for interacting with your data.

Query DSL is the primary query language for Elasticsearch today.

ES|QL is a new piped query language and compute engine which was first added in version 8.11.

ES|QL does not yet support all the features of Query DSL, like full-text search and semantic search. Look forward to new ES|QL features and functionalities in each release.

Refer to Query languages for a full overview of the query languages available in Elasticsearch.

Query DSL is a full-featured JSON-style query language that enables complex searching, filtering, and aggregations. It is the original and most powerful query language for Elasticsearch today.

The _search endpoint accepts queries written in Query DSL syntax.

Query DSL support a wide range of search techniques, including the following:

Learn about the full range of queries supported by Query DSL.

You can also filter data using Query DSL. Filters enable you to include or exclude documents by retrieving documents that match specific field-level criteria. A query that uses the filter parameter indicates filter context.

Aggregations are the primary tool for analyzing Elasticsearch data using Query DSL. Aggregrations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.

Because aggregations leverage the same data structures used for search, they are also very fast. This enables you to analyze and visualize your data in real time. You can search documents, filter results, and perform analytics at the same time, on the same data, in a single request. That means aggregations are calculated in the context of the search query.

The folowing aggregation types are available:

Run aggregations by specifying the search API's aggs parameter. Learn more in Run an aggregation.

Elasticsearch Query Language (ES|QL) is a piped query language for filtering, transforming, and analyzing data. ES|QL is built on top of a new compute engine, where search, aggregation, and transformation functions are directly executed within Elasticsearch itself. ES|QL syntax can also be used within various Kibana tools.

The _query endpoint accepts queries written in ES|QL syntax.

Today, it supports a subset of the features available in Query DSL, like aggregations, filters, and transformations. It does not yet support full-text search or semantic search.

It comes with a comprehensive set of functions and operators for working with data and has robust integration with Kibana’s Discover, dashboards and visualizations.

Learn more in Getting started with ES|QL, or try our training course.

The following table summarizes all available Elasticsearch query languages, to help you choose the right one for your use case.