(cherry picked from commit ba65914285)
Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
Liam Thompson
GitHub
|
|
@ -9,9 +9,9 @@ You can use {esql} in {kib} to query and aggregate your data, create
|
|||
visualizations, and set up alerts.
|
||||
|
||||
This guide shows you how to use {esql} in Kibana. To follow along with the
|
||||
queries, load the "Sample web logs" sample data set by clicking *Try sample
|
||||
data* from the {kib} Home, selecting *Other sample data sets*, and clicking *Add
|
||||
data* on the *Sample web logs* card.
|
||||
queries, load the "Sample web logs" sample data set by selecting **Sample Data**
|
||||
from the **Integrations** page in {kib}, selecting *Other sample data sets*,
|
||||
and clicking *Add data* on the *Sample web logs* card.
|
||||
|
||||
[discrete]
|
||||
[[esql-kibana-enable]]
|
||||
|
|
@ -30,9 +30,7 @@ However, users will be able to access existing {esql} artifacts like saved searc
|
|||
|
||||
// tag::esql-mode[]
|
||||
To get started with {esql} in Discover, open the main menu and select
|
||||
*Discover*. Next, from the Data views menu, select *Language: ES|QL*.
|
||||
|
||||
image::images/esql/esql-data-view-menu.png[align="center",width=33%]
|
||||
*Discover*. Next, select *Try ES|QL* from the application menu bar.
|
||||
// end::esql-mode[]
|
||||
|
||||
[discrete]
|
||||
|
|
@ -54,8 +52,9 @@ A source command can be followed by one or more <<esql-commands,processing
|
|||
commands>>. In this query, the processing command is <<esql-limit>>. `LIMIT`
|
||||
limits the number of rows that are retrieved.
|
||||
|
||||
TIP: Click the help icon (image:images/esql/esql-icon-help.svg[Static,20]) to open the
|
||||
in-product reference documentation for all commands and functions.
|
||||
TIP: Click the **ES|QL help** button to open the
|
||||
in-product reference documentation for all commands and functions or to get
|
||||
recommended queries that will help you get started.
|
||||
|
||||
// tag::autocomplete[]
|
||||
To make it easier to write queries, auto-complete offers suggestions with
|
||||
|
|
@ -76,7 +75,7 @@ FROM kibana_sample_data_logs | LIMIT 10
|
|||
====
|
||||
|
||||
[discrete]
|
||||
==== Expand the query bar
|
||||
==== Make your query readable
|
||||
|
||||
For readability, you can put each processing command on a new line. The
|
||||
following query is identical to the previous one:
|
||||
|
|
@ -87,15 +86,12 @@ FROM kibana_sample_data_logs
|
|||
| LIMIT 10
|
||||
----
|
||||
|
||||
You can do that using the **Add line breaks on pipes** button from the query editor's footer.
|
||||
|
||||
image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/bltd5554518309e10f6/672d153cfeb8f9d479ebcc6e/esql-line-breakdown.gif[Automatic line breaks for ES|QL queries]
|
||||
|
||||
// tag::compact[]
|
||||
To make it easier to write multi-line queries, click the double-headed arrow
|
||||
button (image:images/esql/esql-icon-expand-query-bar.svg[]) to expand the query
|
||||
bar:
|
||||
|
||||
image::images/esql/esql-expanded-query-bar.png[align="center"]
|
||||
|
||||
To return to a compact query bar, click the minimize editor button
|
||||
(image:images/esql/esql-icon-minimize-query-bar.svg[]).
|
||||
You can adjust the editor's height by dragging its bottom border to your liking.
|
||||
// end::compact[]
|
||||
|
||||
[discrete]
|
||||
|
|
@ -110,9 +106,7 @@ detailed warning, expand the query bar, and click *warnings*.
|
|||
==== Query history
|
||||
|
||||
You can reuse your recent {esql} queries in the query bar.
|
||||
In the query bar click *Show recent queries*:
|
||||
|
||||
image::images/esql/esql-discover-show-recent-query.png[align="center",size="50%"]
|
||||
In the query bar click *Show recent queries*.
|
||||
|
||||
You can then scroll through your recent queries:
|
||||
|
||||
|
|
@ -220,8 +214,9 @@ FROM kibana_sample_data_logs
|
|||
=== Analyze and visualize data
|
||||
|
||||
Between the query bar and the results table, Discover shows a date histogram
|
||||
visualization. If the indices you're querying do not contain a `@timestamp`
|
||||
field, the histogram is not shown.
|
||||
visualization. By default, if the indices you're querying do not contain a `@timestamp`
|
||||
field, the histogram is not shown. But you can use a custom time field with the `?_tstart`
|
||||
and `?_tend` parameters to enable it.
|
||||
|
||||
The visualization adapts to the query. A query's nature determines the type of
|
||||
visualization. For example, this query aggregates the total number of bytes per
|
||||
|
|
@ -250,7 +245,7 @@ save button (image:images/esql/esql-icon-save-visualization.svg[]). Once saved
|
|||
to a dashboard, you'll be taken to the Dashboards page. You can continue to
|
||||
make changes to the visualization. Click the
|
||||
options button in the top-right (image:images/esql/esql-icon-options.svg[]) and
|
||||
select *Edit ESQL visualization* to open the in-line editor:
|
||||
select *Edit ES|QL visualization* to open the in-line editor:
|
||||
|
||||
image::images/esql/esql-kibana-edit-on-dashboard.png[align="center",width=66%]
|
||||
|
||||
|
|
|
|||
|
Before Width: | Height: | Size: 123 KiB After Width: | Height: | Size: 94 KiB |
|
Before Width: | Height: | Size: 187 KiB After Width: | Height: | Size: 284 KiB |
|
Before Width: | Height: | Size: 75 KiB |
|
Before Width: | Height: | Size: 168 KiB After Width: | Height: | Size: 274 KiB |
|
Before Width: | Height: | Size: 217 KiB After Width: | Height: | Size: 286 KiB |
|
Before Width: | Height: | Size: 234 KiB After Width: | Height: | Size: 159 KiB |
|
Before Width: | Height: | Size: 360 KiB After Width: | Height: | Size: 392 KiB |
|
Before Width: | Height: | Size: 72 KiB After Width: | Height: | Size: 84 KiB |
|
Before Width: | Height: | Size: 348 KiB After Width: | Height: | Size: 438 KiB |