mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 01:13:23 -04:00
# Backport

This will backport the following commits from `main` to `8.12`:
 - [[DOCS] Update tech preview to warn against using ES|QL in production (#174109)](https://github.com/elastic/kibana/pull/174109)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: amyjtechwriter <61687663+amyjtechwriter@users.noreply.github.com>
40 lines
No EOL
2.6 KiB
Text
[[esql]]
=== {esql}

preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]

The Elasticsearch Query Language, {esql}, has been created to make exploring your data faster and easier using the **Discover** application. From version 8.11 you can try this new feature, which is enabled by default.

[role="screenshot"]
image:images/esql-data-view-menu.png[An image of the Discover UI where users can access the {esql} feature, width=30%]

This new piped language allows you to chain together multiple commands to query your data. Based on the query, Lens suggestions in Discover create a visualization of the query results.

{esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. From one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API].

{esql} also features in-app help, so you can get started faster and don't have to leave the application to check syntax.

[role="screenshot"]
image:images/esql-in-app-help.png[An image of the Discover UI where users can browse the in-app help]

For more detailed information about the {esql} language, refer to {ref}/esql-language.html[Learning {esql}].

[float]
[[esql-observability]]
==== {observability}

{esql} makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining {esql} with {ml} and AIOps can improve detection accuracy and use aggregated value thresholds.

[float]
[[esql-security]]
==== Security

Use {esql} to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider, all from one search bar. {esql} ensures more accurate alerts by incorporating aggregated values in detection rules.

[float]
[[esql-whats-next]]
==== What's next?

Full documentation for this language is available in the {es} documentation. Refer to {ref}/esql.html[{esql}].

Alternatively, a short tutorial is available in the **Discover** section <<try-esql, Try {esql}>>.
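
The query below is an added example, not part of the Kibana documentation, of the aggregated-value pattern described in the Security section: it chains commands to count failed events per source address, keeps only addresses above a threshold, and derives a new field on the fly. The `logs-system.auth-*` data stream, the one-hour window and both thresholds are assumptions; the field names follow ECS.

```esql
// Constructed example: data stream name, time window and thresholds are assumptions.
FROM logs-system.auth-*
// Restrict to recent events so the aggregation stays bounded.
| WHERE @timestamp > NOW() - 1 hour
// Keep failed events that carry a source address.
| WHERE event.outcome == "failure" AND source.ip IS NOT NULL
// Aggregate per source address: total failures and distinct targeted accounts.
| STATS failures = COUNT(*), targeted_users = COUNT_DISTINCT(user.name) BY source.ip
// Threshold on the aggregated values, as a detection rule would.
| WHERE failures >= 20 AND targeted_users >= 5
// Field created on the fly: is the source inside RFC 1918 address space?
| EVAL internal_source = CIDR_MATCH(source.ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
| SORT failures DESC
| LIMIT 25
```

Thresholding on both `failures` and `targeted_users` separates one account with a stale password from a single address trying many accounts, and `internal_source` tells the analyst whether to look at an internal host or an external address first.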