github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-28 17:34:17 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/esql/index.asciidoc
Liam Thompson 9b7e9b5d59
[DOCS] ESQL goes GA (#108342)
2024-05-07 14:12:50 +02:00

76 lines
2.9 KiB
Text
Raw Blame History

[[esql]]
= {esql}
:esql-tests: {elasticsearch-root}/x-pack/docs/{lang}/../../plugin/esql/qa
:esql-specs: {esql-tests}/testFixtures/src/main/resources
[partintro]
The {es} Query Language ({esql}) provides a powerful way to filter, transform,
and analyze data stored in {es}, and in the future in other runtimes. It is
designed to be easy to learn and use, by end users, SRE teams, application
developers, and administrators.
Users can author {esql} queries to find specific events, perform statistical
analysis, and generate visualizations. It supports a wide range of commands and
functions that enable users to perform various data operations, such as
filtering, aggregation, time-series analysis, and more.
The {es} Query Language ({esql}) makes use of "pipes" (|) to manipulate and
transform data in a step-by-step fashion. This approach allows users to compose
a series of operations, where the output of one operation becomes the input for
the next, enabling complex data transformations and analysis.
[discrete]
=== The {esql} Compute Engine
{esql} is more than a language: it represents a significant investment in new
compute capabilities within {es}. To achieve both the functional and performance
requirements for {esql}, it was necessary to build an entirely new compute
architecture. {esql} search, aggregation, and transformation functions are
directly executed within Elasticsearch itself. Query expressions are not
transpiled to Query DSL for execution. This approach allows {esql} to be
extremely performant and versatile.
The new {esql} execution engine was designed with performance in mind — it
operates on blocks at a time instead of per row, targets vectorization and cache
locality, and embraces specialization and multi-threading. It is a separate
component from the existing Elasticsearch aggregation framework with different
performance characteristics.
The {esql} documentation is organized in these sections:
<<esql-getting-started>>::
A tutorial to help you get started with {esql}.
<<esql-language>>::
Reference documentation for the <<esql-syntax,{esql} syntax>>,
<<esql-commands,commands>>, and <<esql-functions-operators,functions and
operators>>. Information about working with <<esql-metadata-fields,metadata
fields>> and <<esql-multivalued-fields,multivalued fields>>. And guidance for
<<esql-process-data-with-dissect-and-grok,data processing with DISSECT and
GROK>> and <<esql-enrich-data,data enrichment with ENRICH>>.
<<esql-using>>::
An overview of using the <<esql-rest>>, <<esql-kibana>>,
<<esql-elastic-security>>, <<esql-cross-clusters>>, and <<esql-task-management>>.
<<esql-limitations>>::
The current limitations of {esql}.
<<esql-examples>>::
A few examples of what you can do with {esql}.
include::esql-get-started.asciidoc[]
include::esql-language.asciidoc[]
include::esql-using.asciidoc[]
include::esql-limitations.asciidoc[]
include::esql-examples.asciidoc[]
:esql-tests!:
:esql-specs!:
Reference in a new issue View git blame Copy permalink