mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-25 15:47:23 -04:00
1256a49c3a
This copies the first line of the description of each command to just under the syntax so that it's "in order", before the `Parameters` section. That way if you are reading from top to bottom you see: ``` syntax short description parameter names and descriptions long description examples ``` I've also removed the `Description` section entirely if the description was just one sentence. So in some cases that just isn't `long description`.
60 lines
1.2 KiB
Text
60 lines
1.2 KiB
Text
[discrete]
|
|
[[esql-where]]
|
|
=== `WHERE`
|
|
|
|
The `WHERE` processing command produces a table that contains all the rows from
|
|
the input table for which the provided condition evaluates to `true`.
|
|
|
|
**Syntax**
|
|
|
|
[source,esql]
|
|
----
|
|
WHERE expression
|
|
----
|
|
|
|
*Parameters*
|
|
|
|
`expression`::
|
|
A boolean expression.
|
|
|
|
*Examples*
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=where]
|
|
----
|
|
|
|
Which, if `still_hired` is a boolean field, can be simplified to:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereBoolean]
|
|
----
|
|
|
|
Use date math to retrieve data from a specific time range. For example, to
|
|
retrieve the last hour of logs:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/date.csv-spec[tag=docsNowWhere]
|
|
----
|
|
|
|
`WHERE` supports various <<esql-functions,functions>>. For example the
|
|
<<esql-length>> function:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereFunction]
|
|
----
|
|
|
|
For a complete list of all functions, refer to <<esql-functions>>.
|
|
|
|
include::../functions/predicates.asciidoc[tag=body]
|
|
|
|
include::../functions/like.asciidoc[tag=body]
|
|
|
|
include::../functions/rlike.asciidoc[tag=body]
|
|
|
|
include::../functions/in.asciidoc[tag=body]
|
|
|
|
For a complete list of all operators, refer to <<esql-operators>>.
|