github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 10:23:14 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/concepts/esql.asciidoc
amyjtechwriter 2a4a6e890e
[DOCS] ES|QL pages in Kibana guide (#170226) 
## Summary

Two pages about ES|QL added to the Kibana guide. One page (titled ES|QL)
under the 'Kibana concepts' heading, which is an overview page. One page
added to the 'Discover' section (titled Try ES|QL) which is a short
tutorial.

Relates to:
[#244](https://github.com/elastic/platform-docs-team/issues/244)

---------

Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
2023-11-02 13:45:17 +00:00

40 lines
No EOL
2.4 KiB
Text
Raw Permalink Blame History

[[esql]]
=== {esql}
preview::[]
The Elasticsearch Query Language, {esql}, has been created to make exploring your data faster and easier using the **Discover** application. From version 8.11 you can try this new feature, which is enabled by default.
[role="screenshot"]
image:images/esql-data-view-menu.png[An image of the Discover UI where users can access the {esql} feature, width=30%]
This new piped language allows you to chain together multiple commands to query your data. Based on the query, Lens suggestions in Discover create a visualization of the query results.
{esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. From one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API].
{esql} also features in-app help, so you can get started faster and don't have to leave the application to check syntax.
[role="screenshot"]
image:images/esql-in-app-help.png[An image of the Discover UI where users can browse the in-app help]
For more detailed information about the {esql} language, refer to {ref}/esql-language.html[Learning {esql}].
[float]
[[esql-observability]]
==== {observability}
{esql} makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining {esql} with {ml} and AiOps can improve detection accuracy and use aggregated value thresholds.
[float]
[[esql-security]]
==== Security
Use {esql} to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider all from one search bar. {esql} ensures more accurate alerts by incorporating aggregated values in detection rules.
[float]
[[esql-whats-next]]
==== What's next?
Full documentation for this language is available in the {es} documentation, refer to {ref}/esql.html[{esql}].
Alternatively, a short tutorial is available in the **Discover** section <<try-esql, Try {esql}L>>.
Reference in a new issue View git blame Copy permalink