github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-30 10:23:41 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/esql/processing-commands/enrich.asciidoc
Luigi Dell'Aquila 79596cc05c Add docs for ENRICH command (ESQL-1313) 
Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
2023-06-23 12:13:06 +02:00

60 lines
2 KiB
Text
Raw Blame History

[[esql-enrich]]
=== `ENRICH`
You can use `ENRICH` to add data from your existing indices to incoming records.
It's similar to <<ingest-enriching-data, ingest enrich>>, but it works at query time.
[source.merge.styled,esql]
----
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich]
----
[%header.monospaced.styled,format=dsv,separator=|]
|===
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich-result]
|===
`ENRICH` requires an <<enrich-policy,enrich policy>> to be executed.
The enrich policy defines a match field (a key field) and a set of enrich fields.
`ENRICH` will look for records in the <<enrich-index,enrich index>> based on the match field value.
The matching key in the input dataset can be defined using `ON <field-name>`; if it's not specified,
the match will be performed on a field with the same name as the match field defined in the <<enrich-policy,enrich policy>>.
[source.merge.styled,esql]
----
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_on]
----
[%header.monospaced.styled,format=dsv,separator=|]
|===
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_on-result]
|===
You can specify which attributes (between those defined as enrich fields in the policy) have to be added to the result,
using `WITH <field1>, <field2>...` syntax.
[source.merge.styled,esql]
----
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_with]
----
[%header.monospaced.styled,format=dsv,separator=|]
|===
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_with-result]
|===
Attributes can also be renamed using `WITH new_name=<field1>`
[source.merge.styled,esql]
----
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_rename]
----
[%header.monospaced.styled,format=dsv,separator=|]
|===
include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_rename-result]
|===
By default (if no `WITH` is defined), `ENRICH` will add all the enrich fields defined in the <<enrich-policy,enrich policy>>
to the result.
In case of name collisions, the newly created fields will override the existing fields.
Reference in a new issue View git blame Copy permalink