kibana/docs/concepts/esql.asciidoc
Julia Rechkunova 40c90550f1
[Discover] Rename Saved Search to Discover Session (#202217)
- Closes https://github.com/elastic/kibana/issues/174144

## Summary

This PR renames Saved Search into Discover Session in UI.

- [x] Discover
- [x] Saved Objects page and modal
- [x] Docs
- [x] Other occurrences 


### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: wajihaparvez <wajiha.parvez@elastic.co>
Co-authored-by: Davis McPhee <davismcphee@hotmail.com>
Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
2024-12-18 13:45:32 +01:00


[[esql]]
=== {esql}
The Elasticsearch Query Language, {esql}, makes it faster and easier to explore your data.
{esql} is a piped language that allows you to chain together multiple commands to query your data.
Based on the query, Lens suggestions in Discover create a visualization of the query results.
{esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. With one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API].
You can switch to the ES|QL mode of Discover from the application menu bar.
{esql} also features in-app help and suggestions, so you can get started faster and don't have to leave the application to check syntax.
[role="screenshot"]
image:images/esql-in-app-help.png[The ES|QL syntax reference and the autocomplete menu]
You can also use ES|QL queries to create panels on your dashboards, create enrich policies, and create alerting rules.
For more detailed information about {esql} in Kibana, refer to {ref}/esql-kibana.html[Using {esql} in {kib}].
[NOTE]
====
{esql} is enabled by default in {kib}. It can be
disabled using the `enableESQL` setting from the
{kibana-ref}/advanced-options.html[Advanced Settings].
This will hide the {esql} user interface from various applications.
However, users will still be able to access existing {esql} artifacts like saved Discover sessions and visualizations.
====
[float]
[[esql-observability]]
==== {observability}
{esql} makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining {esql} with {ml} and AIOps can improve detection accuracy and use aggregated value thresholds.
[float]
[[esql-security]]
==== Security
Use {esql} to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider, all from one search bar. {esql} ensures more accurate alerts by incorporating aggregated values in detection rules.
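The following query is an added example, not part of the original Kibana docs, showing an IP lookup combined with an aggregated threshold as described above. The index pattern `logs-auth-*`, the enrich policy `threat_intel_ip` (assumed to match on a keyword-formatted IP and to supply `threat.indicator.type` and `threat.indicator.provider`), and the threshold values are assumptions for illustration.

```esql
// Added example: all index, policy and threshold names below are assumed.
// 1. Keep only failed authentication events from the last hour.
FROM logs-auth-*
| WHERE @timestamp > NOW() - 1 hour
    AND event.category == "authentication"
    AND event.outcome == "failure"
// 2. Aggregate per source address so the rule fires on a value, not on single events.
| STATS failed_logins = COUNT(*),
        targeted_users = COUNT_DISTINCT(user.name)
    BY source.ip
| WHERE failed_logins >= 20
// 3. Look up each remaining address in the (hypothetical) threat intel enrich policy.
| EVAL src = TO_STRING(source.ip)
| ENRICH threat_intel_ip ON src
    WITH intel_type = threat.indicator.type,
         intel_provider = threat.indicator.provider
// 4. Create a field on the fly that flags addresses with a threat intel match.
| EVAL known_bad = intel_type IS NOT NULL
| KEEP source.ip, failed_logins, targeted_users, known_bad, intel_type, intel_provider
| SORT failed_logins DESC
| LIMIT 50
```

Aggregating before the `ENRICH` step keeps the lookup limited to the few addresses that crossed the threshold rather than every raw event.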
[float]
[[esql-whats-next]]
==== What's next?
The main documentation for {esql} lives in the {ref}/esql.html[{es} docs].
We also have a short tutorial in the **Discover** docs: <<try-esql,Using {esql}>>.