mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-29 09:54:06 -04:00
64cc549958
I think it's a bit easier to deal with the files this way. They also make a page per command so it lines up with the files which is nice. Also I moved some of the examples into the docs. They were mostly there already, but I linked them. --------- Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
29 lines
685 B
Text
29 lines
685 B
Text
[[esql-from]]
|
|
=== `FROM`
|
|
|
|
The `FROM` source command returns a table with up to 10,000 documents from a
|
|
data stream, index, or alias. Each row in the resulting table represents a
|
|
document. Each column corresponds to a field, and can be accessed by the name
|
|
of that field.
|
|
|
|
[source,esql]
|
|
----
|
|
FROM employees
|
|
----
|
|
|
|
You can use <<api-date-math-index-names,date math>> to refer to indices, aliases
|
|
and data streams. This can be useful for time series data, for example to access
|
|
today's index:
|
|
|
|
[source,esql]
|
|
----
|
|
FROM <logs-{now/d}>
|
|
----
|
|
|
|
Use comma-separated lists or wildcards to query multiple data streams, indices,
|
|
or aliases:
|
|
|
|
[source,esql]
|
|
----
|
|
FROM employees-00001,employees-*
|
|
----
|