ES|QL

edit

Do not use ES|QL on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The Elasticsearch Query Language, ES|QL, has been created to make exploring your data faster and easier using the Discover application. From version 8.11 you can try this new feature, which is enabled by default.

An image of the Discover UI where users can access the ES|QL feature

This new piped language allows you to chain together multiple commands to query your data. Based on the query, Lens suggestions in Discover create a visualization of the query results.

ES|QL comes with its own dedicated ES|QL Compute Engine for greater efficiency. From one query you can search, aggregate, calculate and perform data transformations without leaving Discover. Write your query directly in Discover or use the Dev Tools with the ES|QL API.

ES|QL also features in-app help, so you can get started faster and don’t have to leave the application to check syntax.

An image of the Discover UI where users can browse the in-app help

For more detailed information about the ES|QL language, refer to Learning ES|QL.

Observability

edit

ES|QL makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining ES|QL with machine learning and AiOps can improve detection accuracy and use aggregated value thresholds.

Security

edit

Use ES|QL to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider all from one search bar. ES|QL ensures more accurate alerts by incorporating aggregated values in detection rules.

What’s next?

edit

Full documentation for this language is available in the Elasticsearch documentation, refer to ES|QL.

Alternatively, a short tutorial is available in the Discover section Try ES|QLL.