Home Explore Help
Register Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 9beddb18d6
Branches Tags
elasticsearch
/
docs
/
reference
/
esql
/
source-commands
/
from.asciidoc

from.asciidoc 822 B
History Raw

123456789101112131415161718192021222324252627282930313233343536 
  1. [[esql-from]]
    2. 

  2. === `FROM`
    3. 

  3. 

  4. The `FROM` source command returns a table with up to 10,000 documents from a
    5. 

  5. data stream, index, or alias. Each row in the resulting table represents a
    6. 

  6. document. Each column corresponds to a field, and can be accessed by the name
    7. 

  7. of that field.
    8. 

  8. 

  9. [source,esql]
    10. 

  10. ----
    11. 

  11. FROM employees
    12. 

  12. ----
    13. 

  13. 

  14. You can use <<api-date-math-index-names,date math>> to refer to indices, aliases
    15. 

  15. and data streams. This can be useful for time series data, for example to access
    16. 

  16. today's index:
    17. 

  17. 

  18. [source,esql]
    19. 

  19. ----
    20. 

  20. FROM <logs-{now/d}>
    21. 

  21. ----
    22. 

  22. 

  23. Use comma-separated lists or wildcards to query multiple data streams, indices,
    24. 

  24. or aliases:
    25. 

  25. 

  26. [source,esql]
    27. 

  27. ----
    28. 

  28. FROM employees-00001,employees-*
    29. 

  29. ----
    30. 

  30. 

  31. Use the `METADATA` directive to enable <<esql-metadata-fields,metadata fields>>:
    32. 

  32. 

  33. [source,esql]
    34. 

  34. ----
    35. 

  35. FROM employees [METADATA _id]
    36. 

  36. ----
    37.