mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-26 08:07:27 -04:00
87 lines
2.2 KiB
Text
87 lines
2.2 KiB
Text
[discrete]
|
|
[[esql-where]]
|
|
=== `WHERE`
|
|
|
|
The `WHERE` processing command produces a table that contains all the rows from
|
|
the input table for which the provided condition evaluates to `true`.
|
|
|
|
[TIP]
|
|
====
|
|
In case of value exclusions, fields with `null` values will be excluded from search results.
|
|
In this context a `null` means either there is an explicit `null` value in the document or there is no value at all.
|
|
For example: `WHERE field != "value"` will be interpreted as `WHERE field != "value" AND field IS NOT NULL`.
|
|
====
|
|
|
|
**Syntax**
|
|
|
|
[source,esql]
|
|
----
|
|
WHERE expression
|
|
----
|
|
|
|
*Parameters*
|
|
|
|
`expression`::
|
|
A boolean expression.
|
|
|
|
*Examples*
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=where]
|
|
----
|
|
|
|
Which, if `still_hired` is a boolean field, can be simplified to:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereBoolean]
|
|
----
|
|
|
|
Use date math to retrieve data from a specific time range. For example, to
|
|
retrieve the last hour of logs:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/date.csv-spec[tag=docsNowWhere]
|
|
----
|
|
|
|
`WHERE` supports various <<esql-functions,functions>>. For example the
|
|
<<esql-length>> function:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereFunction]
|
|
----
|
|
|
|
For a complete list of all functions, refer to <<esql-functions>>.
|
|
|
|
include::../functions/predicates.asciidoc[tag=body]
|
|
|
|
For matching text, you can use <<esql-search-functions,full text search functions>> like `MATCH`.
|
|
|
|
Use <<esql-match,`MATCH`>> to perform a <<query-dsl-match-query,match query>> on a specified field.
|
|
|
|
Match can be used on text fields, as well as other field types like boolean, dates, and numeric types.
|
|
|
|
[source.merge.styled,esql]
|
|
----
|
|
include::{esql-specs}/match-function.csv-spec[tag=match-with-field]
|
|
----
|
|
[%header.monospaced.styled,format=dsv,separator=|]
|
|
|===
|
|
include::{esql-specs}/match-function.csv-spec[tag=match-with-field-result]
|
|
|===
|
|
|
|
[TIP]
|
|
====
|
|
You can also use the shorthand <<esql-search-operators,match operator>> `:` instead of `MATCH`.
|
|
====
|
|
|
|
include::../functions/like.asciidoc[tag=body]
|
|
|
|
include::../functions/rlike.asciidoc[tag=body]
|
|
|
|
include::../functions/in.asciidoc[tag=body]
|
|
|
|
For a complete list of all operators, refer to <<esql-operators>>.
|