62 lines
1.2 KiB
Plaintext
62 lines
1.2 KiB
Plaintext
[discrete]
|
|
[[esql-where]]
|
|
=== `WHERE`
|
|
|
|
**Syntax**
|
|
|
|
[source,esql]
|
|
----
|
|
WHERE expression
|
|
----
|
|
|
|
*Parameters*
|
|
|
|
`expression`::
|
|
A boolean expression.
|
|
|
|
*Description*
|
|
|
|
The `WHERE` processing command produces a table that contains all the rows from
|
|
the input table for which the provided condition evaluates to `true`.
|
|
|
|
*Examples*
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=where]
|
|
----
|
|
|
|
Which, if `still_hired` is a boolean field, can be simplified to:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereBoolean]
|
|
----
|
|
|
|
Use date math to retrieve data from a specific time range. For example, to
|
|
retrieve the last hour of logs:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/date.csv-spec[tag=docsNowWhere]
|
|
----
|
|
|
|
`WHERE` supports various <<esql-functions,functions>>. For example the
|
|
<<esql-length>> function:
|
|
|
|
[source,esql]
|
|
----
|
|
include::{esql-specs}/docs.csv-spec[tag=whereFunction]
|
|
----
|
|
|
|
For a complete list of all functions, refer to <<esql-functions>>.
|
|
|
|
include::../functions/predicates.asciidoc[tag=body]
|
|
|
|
include::../functions/like.asciidoc[tag=body]
|
|
|
|
include::../functions/rlike.asciidoc[tag=body]
|
|
|
|
include::../functions/in.asciidoc[tag=body]
|
|
|
|
For a complete list of all operators, refer to <<esql-operators>>. |