github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/discover/try-esql.asciidoc
Kibana Machine 4c93ac6d7a
[8.12] [DOCS] Update tech preview to warn against using ES|QL in production (#174109) (#174182) 
# Backport

This will backport the following commits from `main` to `8.12`:
- [[DOCS] Update tech preview to warn against using ES|QL in production
(#174109)](https://github.com/elastic/kibana/pull/174109)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"amyjtechwriter","email":"61687663+amyjtechwriter@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-01-03T14:19:18Z","message":"[DOCS]
Update tech preview to warn against using ES|QL in production
(#174109)\n\n## Summary\r\nAdds the sentence \"Do not use ES|QL on
production environments.\" to the\r\nES|QL tech preview banner on
pages:\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/esql.html\r\nhttps://www.elastic.co/guide/en/kibana/current/try-esql.html\r\n\r\nRelates
to:\r\n[#103797](https://github.com/elastic/elasticsearch/pull/103797)","sha":"e352943ee864df6bd551e4fffb1d5ffb7a7a19ae","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","docs","v8.12.1","v8.13.0","v8.11.4"],"title":"[DOCS]
Update tech preview to warn against using ES|QL in
production","number":174109,"url":"https://github.com/elastic/kibana/pull/174109","mergeCommit":{"message":"[DOCS]
Update tech preview to warn against using ES|QL in production
(#174109)\n\n## Summary\r\nAdds the sentence \"Do not use ES|QL on
production environments.\" to the\r\nES|QL tech preview banner on
pages:\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/esql.html\r\nhttps://www.elastic.co/guide/en/kibana/current/try-esql.html\r\n\r\nRelates
to:\r\n[#103797](https://github.com/elastic/elasticsearch/pull/103797)","sha":"e352943ee864df6bd551e4fffb1d5ffb7a7a19ae"}},"sourceBranch":"main","suggestedTargetBranches":["8.12","8.11"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174109","number":174109,"mergeCommit":{"message":"[DOCS]
Update tech preview to warn against using ES|QL in production
(#174109)\n\n## Summary\r\nAdds the sentence \"Do not use ES|QL on
production environments.\" to the\r\nES|QL tech preview banner on
pages:\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/esql.html\r\nhttps://www.elastic.co/guide/en/kibana/current/try-esql.html\r\n\r\nRelates
to:\r\n[#103797](https://github.com/elastic/elasticsearch/pull/103797)","sha":"e352943ee864df6bd551e4fffb1d5ffb7a7a19ae"}},{"branch":"8.11","label":"v8.11.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: amyjtechwriter <61687663+amyjtechwriter@users.noreply.github.com>
2024-01-04 01:16:12 +10:30

91 lines
2.7 KiB
Text
Raw Permalink Blame History

[[try-esql]]
== Try {esql}
preview::["Do not use {esql} on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features."]
The Elasticsearch Query Language, {esql}, makes it easier to explore your data without leaving Discover.
In this tutorial we'll use the {kib} sample web logs in Discover and Lens to explore the data and create visualizations.
[float]
[[prerequisite]]
=== Prerequisite
To be able to select **Try {esql}** from the Data views menu the `discover:enableESQL` setting must be enabled from **Stack Management > Advanced Settings**. It is enabled by default.
[float]
[[tutorial-try-esql]]
=== Trying {esql}
To load the sample data:
. On the home page, click **Try sample data**.
. Click **Other sample data sets**.
. On the Sample web logs card, click **Add data**.
. Open the main menu and select *Discover*.
. From the Data views menu, select *Try {esql}*.
Let's say we want to find out what operating system users have and how much RAM is on their machine.
. Set the time range to **Last 7 days**.
. Expand image:images/expand-icon-2.png[An image of the expand icon] the query bar.
. Put each processing command on a new line for better readability.
. Copy the query below:
+
[source,esql]
----
FROM kibana_sample_data_logs
| KEEP machine.os, machine.ram
----
+
. Click **Update**.
+
[role="screenshot"]
image:images/esql-machine-os-ram.png[An image of the query result]
+
[NOTE]
====
{esql} keywords are not case sensitive.
====
Let's add `geo.dest` to our query, to find out the geographical destination of the visits, and limit the results.
. Copy the query below:
+
[source,esql]
----
FROM kibana_sample_data_logs
| KEEP machine.os, machine.ram, geo.dest
| LIMIT 10
----
+
. Click **Update**.
+
[role="screenshot"]
image:images/esql-limit.png[An image of the extended query result]
Let's sort the data by machine ram and filter out the destination GB.
. Copy the query below:
+
[source,esql]
----
FROM kibana_sample_data_logs
| KEEP machine.os, machine.ram, geo.dest
| SORT machine.ram desc
| WHERE geo.dest != "GB"
| LIMIT 10
----
+
. Click **Update**.
+
[role="screenshot"]
image:images/esql-full-query.png[]
+
. Click **Save** to save the query and visualization to a dashboard.
To make changes to the visualization you can use the visualization drop-down. To make changes to the colors used or the axes, or click the pencil icon. This opens an in-line editor where you can change the colors and axes of the visualization.
To learn more about {esql}, try other tutorials, see more examples and reference material, refer to {ref}/esql.html[{esql}].
Reference in a new issue View git blame Copy permalink