2023-10-17 23:36:14 +08:00
|
|
|
[[esql-query-api]]
|
2024-01-09 17:17:02 +08:00
|
|
|
=== {esql} query API
|
2023-10-17 23:36:14 +08:00
|
|
|
++++
|
|
|
|
|
<titleabbrev>{esql} query API</titleabbrev>
|
|
|
|
|
++++
|
|
|
|
|
|
|
|
|
|
Returns search results for an <<esql,ES|QL ({es} query language)>> query.
|
|
|
|
|
|
2023-10-23 22:45:42 +08:00
|
|
|
[source,console]
|
|
|
|
|
----
|
|
|
|
|
POST /_query
|
|
|
|
|
{
|
|
|
|
|
"query": """
|
|
|
|
|
FROM library
|
|
|
|
|
| EVAL year = DATE_TRUNC(1 YEARS, release_date)
|
|
|
|
|
| STATS MAX(page_count) BY year
|
|
|
|
|
| SORT year
|
|
|
|
|
| LIMIT 5
|
2024-05-23 22:36:15 +08:00
|
|
|
"""
|
2023-10-23 22:45:42 +08:00
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
// TEST[setup:library]
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
[discrete]
|
|
|
|
|
[[esql-query-api-request]]
|
2024-01-09 17:17:02 +08:00
|
|
|
==== {api-request-title}
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
`POST _query`
|
|
|
|
|
|
|
|
|
|
[discrete]
|
|
|
|
|
[[esql-query-api-prereqs]]
|
2024-01-09 17:17:02 +08:00
|
|
|
==== {api-prereq-title}
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
* If the {es} {security-features} are enabled, you must have the `read`
|
|
|
|
|
<<privileges-list-indices,index privilege>> for the data stream, index,
|
|
|
|
|
or alias you search.
|
|
|
|
|
|
|
|
|
|
[discrete]
|
|
|
|
|
[[esql-query-api-query-params]]
|
2024-01-09 17:17:02 +08:00
|
|
|
==== {api-query-parms-title}
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
`delimiter`::
|
|
|
|
|
(Optional, string) Separator for CSV results. Defaults to `,`. The API only
|
|
|
|
|
supports this parameter for CSV responses.
|
|
|
|
|
|
2024-01-17 22:06:19 +08:00
|
|
|
`drop_null_columns`::
|
|
|
|
|
(Optional, boolean) Should columns that are entirely `null` be removed from
|
|
|
|
|
the `columns` and `values` portion of the results? Defaults to `false`. If
|
2024-11-01 02:14:58 +08:00
|
|
|
`true` the response will include an extra section under the name
|
2024-01-17 22:06:19 +08:00
|
|
|
`all_columns` which has the name of all columns.
|
|
|
|
|
|
2023-10-17 23:36:14 +08:00
|
|
|
`format`::
|
|
|
|
|
(Optional, string) Format for the response. For valid values, refer to
|
|
|
|
|
<<esql-rest-format>>.
|
|
|
|
|
+
|
|
|
|
|
You can also specify a format using the `Accept` HTTP header. If you specify
|
|
|
|
|
both this parameter and the `Accept` HTTP header, this parameter takes
|
|
|
|
|
precedence.
|
|
|
|
|
|
|
|
|
|
[discrete]
|
|
|
|
|
[role="child_attributes"]
|
|
|
|
|
[[esql-query-api-request-body]]
|
2024-01-09 17:17:02 +08:00
|
|
|
==== {api-request-body-title}
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
`columnar`::
|
|
|
|
|
(Optional, Boolean) If `true`, returns results in a columnar format. Defaults to
|
|
|
|
|
`false`. The API only supports this parameter for CBOR, JSON, SMILE, and YAML
|
|
|
|
|
responses. See <<esql-rest-columnar>>.
|
|
|
|
|
|
2024-10-12 03:03:26 +08:00
|
|
|
`include_ccs_metadata`::
|
|
|
|
|
(Optional, boolean) If `true`, cross-cluster searches will include metadata about the query
|
|
|
|
|
on each cluster. Defaults to `false`. The API only supports this parameter for CBOR, JSON, SMILE,
|
|
|
|
|
and YAML responses. See <<ccq-cluster-details>>.
|
|
|
|
|
|
2024-02-06 17:36:51 +08:00
|
|
|
`locale`::
|
|
|
|
|
(Optional, string) Returns results (especially dates) formatted per the conventions of the locale.
|
|
|
|
|
For syntax, refer to <<esql-locale-param>>.
|
|
|
|
|
|
2023-10-17 23:36:14 +08:00
|
|
|
`params`::
|
|
|
|
|
(Optional, array) Values for parameters in the `query`. For syntax, refer to
|
|
|
|
|
<<esql-rest-params>>.
|
|
|
|
|
|
2024-07-11 20:20:31 +08:00
|
|
|
`profile`::
|
|
|
|
|
(Optional, boolean) If provided and `true` the response will include an extra `profile` object
|
|
|
|
|
with information about how the query was executed. It provides insight into the performance
|
|
|
|
|
of each part of the query. This is for human debugging as the object's format might change at any time.
|
2024-10-03 22:37:34 +08:00
|
|
|
Think of this like https://www.postgresql.org/docs/current/sql-explain.html[EXPLAIN ANALYZE] or
|
2024-10-03 23:30:03 +08:00
|
|
|
https://en.wikipedia.org/wiki/Query_plan[EXPLAIN PLAN].
|
2024-07-11 20:20:31 +08:00
|
|
|
|
2023-10-17 23:36:14 +08:00
|
|
|
`query`::
|
2024-04-15 22:50:00 +08:00
|
|
|
(Required, string) {esql} query to run. For syntax, refer to <<esql-syntax>>.
|
|
|
|
|
|
2024-10-12 03:03:26 +08:00
|
|
|
|
ESQL: Implement LOOKUP, an "inline" enrich (#107987)
This adds support for `LOOKUP`, a command that implements a sort of
inline `ENRICH`, using data that is passed in the request:
```
$ curl -uelastic:password -HContent-Type:application/json -XPOST \
'localhost:9200/_query?error_trace&pretty&format=txt' \
-d'{
"query": "ROW a=1::LONG | LOOKUP t ON a",
"tables": {
"t": {
"a:long": [ 1, 4, 2],
"v1:integer": [ 10, 11, 12],
"v2:keyword": ["cat", "dog", "wow"]
}
},
"version": "2024.04.01"
}'
v1 | v2 | a
---------------+---------------+---------------
10 |cat |1
```
This required these PRs: * #107624 * #107634 * #107701 * #107762 *
#107923 * #107894 * #107982 * #108012 * #108020 * #108169 * #108191 *
#108334 * #108482 * #108696 * #109040 * #109045
Closes #107306
2024-06-07 09:38:51 +08:00
|
|
|
ifeval::["{release-state}"=="unreleased"]
|
2024-11-20 09:52:24 +08:00
|
|
|
//`table`::
|
|
|
|
|
//(Optional, object) Named "table" parameters that can be referenced by the <<esql-lookup>> command.
|
ESQL: Implement LOOKUP, an "inline" enrich (#107987)
This adds support for `LOOKUP`, a command that implements a sort of
inline `ENRICH`, using data that is passed in the request:
```
$ curl -uelastic:password -HContent-Type:application/json -XPOST \
'localhost:9200/_query?error_trace&pretty&format=txt' \
-d'{
"query": "ROW a=1::LONG | LOOKUP t ON a",
"tables": {
"t": {
"a:long": [ 1, 4, 2],
"v1:integer": [ 10, 11, 12],
"v2:keyword": ["cat", "dog", "wow"]
}
},
"version": "2024.04.01"
}'
v1 | v2 | a
---------------+---------------+---------------
10 |cat |1
```
This required these PRs: * #107624 * #107634 * #107701 * #107762 *
#107923 * #107894 * #107982 * #108012 * #108020 * #108169 * #108191 *
#108334 * #108482 * #108696 * #109040 * #109045
Closes #107306
2024-06-07 09:38:51 +08:00
|
|
|
endif::[]
|
|
|
|
|
|
2023-10-17 23:36:14 +08:00
|
|
|
[discrete]
|
|
|
|
|
[role="child_attributes"]
|
|
|
|
|
[[esql-query-api-response-body]]
|
2024-01-09 17:17:02 +08:00
|
|
|
==== {api-response-body-title}
|
2023-10-17 23:36:14 +08:00
|
|
|
|
|
|
|
|
`columns`::
|
|
|
|
|
(array of objects)
|
2024-01-17 22:06:19 +08:00
|
|
|
Column `name` and `type` for each column returned in `values`. Each object is a single column.
|
|
|
|
|
|
|
|
|
|
`all_columns`::
|
|
|
|
|
(array of objects)
|
|
|
|
|
Column `name` and `type` for each queried column. Each object is a single column. This is only
|
|
|
|
|
returned if `drop_null_columns` is sent with the request.
|
2023-10-17 23:36:14 +08:00
|
|
|
|
2024-08-14 22:26:54 +08:00
|
|
|
`values`::
|
2023-10-17 23:36:14 +08:00
|
|
|
(array of arrays)
|
|
|
|
|
Values for the search results.
|
2024-07-11 20:20:31 +08:00
|
|
|
|
2024-10-12 03:03:26 +08:00
|
|
|
`_clusters`::
|
|
|
|
|
(object)
|
|
|
|
|
Metadata about clusters involved in the execution of a cross-cluster query. Only returned (1) for
|
|
|
|
|
cross-cluster searches and (2) when `include_ccs_metadata` is sent in the body and set to `true`
|
|
|
|
|
and (3) when `format` of the response is set to JSON (the default), CBOR, SMILE, or YAML.
|
|
|
|
|
See <<ccq-cluster-details>> for more information.
|
|
|
|
|
|
2024-07-11 20:20:31 +08:00
|
|
|
`profile`::
|
|
|
|
|
(object)
|
|
|
|
|
Profile describing the execution of the query. Only returned if `profile` was sent in the body.
|
2024-10-03 22:37:34 +08:00
|
|
|
The object itself is for human debugging and can change at any time. Think of this like
|
|
|
|
|
https://www.postgresql.org/docs/current/sql-explain.html[EXPLAIN ANALYZE] or
|
2024-10-03 23:30:03 +08:00
|
|
|
https://en.wikipedia.org/wiki/Query_plan[EXPLAIN PLAN].
|
