elasticsearch/docs/reference/esql/index.asciidoc

[[esql]]
= {esql}

:esql-tests: {elasticsearch-root}/x-pack/docs/{lang}/../../plugin/esql/qa
:esql-specs: {esql-tests}/testFixtures/src/main/resources

[partintro]

The {es} Query Language ({esql}) provides a powerful way to filter, transform,
and analyze data stored in {es}, and in the future in other runtimes. It is
designed to be easy to learn and use, by end users, SRE teams, application
developers, and administrators.

Users can author {esql} queries to find specific events, perform statistical
analysis, and generate visualizations. It supports a wide range of commands and
functions that enable users to perform various data operations, such as
filtering, aggregation, time-series analysis, and more.

The {es} Query Language ({esql}) makes use of "pipes" (|) to manipulate and
transform data in a step-by-step fashion. This approach allows users to compose
a series of operations, where the output of one operation becomes the input for
the next, enabling complex data transformations and analysis.

[discrete]
=== Documentation organization

The {esql} documentation is organized in these sections:

<<esql-getting-started>>::
A tutorial to help you get started with {esql}.

<<esql-language>>::

Reference documentation for the <<esql-syntax,{esql} syntax>>:

* Reference for <<esql-commands,commands>>, and <<esql-functions-operators,functions and
operators>>
* How to work with <<esql-metadata-fields,metadata
fields>> and <<esql-multivalued-fields,multivalued fields>>
* How to work with
<<esql-process-data-with-dissect-and-grok,DISSECT and
GROK>>, <<esql-enrich-data,ENRICH>>, and <<esql-lookup-join,LOOKUP join>>

<<esql-using>>::
An overview of:
* <<esql-rest,Using the {esql} rest API>>
* <<esql-for-search>>
* <<esql-kibana>>
* <<esql-elastic-security>>
* <<esql-cross-clusters>>
* <<esql-task-management>>

<<esql-limitations>>::
The current limitations of {esql}.

<<esql-examples>>::
A few examples of what you can do with {esql}.



include::esql-get-started.asciidoc[]

include::esql-language.asciidoc[]

include::esql-using.asciidoc[]

include::esql-limitations.asciidoc[]

include::esql-examples.asciidoc[]

:esql-tests!:
:esql-specs!:

[discrete]
=== The {esql} Compute Engine

{esql} is more than a language: it represents a significant investment in new
compute capabilities within {es}. To achieve both the functional and performance
requirements for {esql}, it was necessary to build an entirely new compute
architecture. {esql} search, aggregation, and transformation functions are
directly executed within Elasticsearch itself. Query expressions are not
transpiled to Query DSL for execution. This approach allows {esql} to be
extremely performant and versatile.

The new {esql} execution engine was designed with performance in mind — it
operates on blocks at a time instead of per row, targets vectorization and cache
locality, and embraces specialization and multi-threading. It is a separate
component from the existing Elasticsearch aggregation framework with different
performance characteristics.