elasticsearch/docs/reference/esql/index.asciidoc

[[esql]]
= {esql}

:esql-tests: {elasticsearch-root}/x-pack/docs/{lang}/../../plugin/esql/qa
:esql-specs: {esql-tests}/testFixtures/src/main/resources

[partintro]

preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]

The {es} Query Language ({esql}) provides a powerful way to filter, transform,
and analyze data stored in {es}, and in the future in other runtimes. It is
designed to be easy to learn and use, by end users, SRE teams, application
developers, and administrators.

Users can author {esql} queries to find specific events, perform statistical
analysis, and generate visualizations. It supports a wide range of commands and
functions that enable users to perform various data operations, such as
filtering, aggregation, time-series analysis, and more.

The {es} Query Language ({esql}) makes use of "pipes" (|) to manipulate and
transform data in a step-by-step fashion. This approach allows users to compose
a series of operations, where the output of one operation becomes the input for
the next, enabling complex data transformations and analysis.

[discrete]
=== The {esql} Compute Engine

{esql} is more than a language: it represents a significant investment in new
compute capabilities within {es}. To achieve both the functional and performance
requirements for {esql}, it was necessary to build an entirely new compute
architecture. {esql} search, aggregation, and transformation functions are
directly executed within Elasticsearch itself. Query expressions are not
transpiled to Query DSL for execution. This approach allows {esql} to be
extremely performant and versatile.

The new {esql} execution engine was designed with performance in mind — it
operates on blocks at a time instead of per row, targets vectorization and cache
locality, and embraces specialization and multi-threading. It is a separate
component from the existing Elasticsearch aggregation framework with different
performance characteristics.

The {esql} documentation is organized in these sections:

<<esql-getting-started>>::
A tutorial to help you get started with {esql}.

<<esql-language>>::

Reference documentation for the <<esql-syntax,{esql} syntax>>,
<<esql-commands,commands>>, and <<esql-functions-operators,functions and
operators>>. Information about working with <<esql-metadata-fields,metadata
fields>> and <<esql-multivalued-fields,multivalued fields>>. And guidance for
<<esql-process-data-with-dissect-and-grok,data processing with DISSECT and
GROK>> and <<esql-enrich-data,data enrichment with ENRICH>>.

<<esql-using>>::
An overview of using the <<esql-rest>>, <<esql-kibana>>,
<<esql-elastic-security>>, <<esql-cross-clusters>>, and <<esql-task-management>>.

<<esql-limitations>>::
The current limitations of {esql}.

<<esql-examples>>::
A few examples of what you can do with {esql}.

include::esql-get-started.asciidoc[]

include::esql-language.asciidoc[]

include::esql-using.asciidoc[]

include::esql-limitations.asciidoc[]

include::esql-examples.asciidoc[]

:esql-tests!:
:esql-specs!: