Simplify data investigation: Elasticsearch Piped Query Language (ES|QL)

Try our next-generation transformative piped query language and engine — now generally available. It simplifies workflows and advanced searches while accelerating query response for efficient, seamless, and speedy data processing.

See how ES|QL works. Walk through an investigation and explore how you can improve observability and security workflows for faster, more accurate insights.

Start using ES|QL now for an improved Elasticsearch experience — and preview the impact it can make on your team and organization.

Learn more about ES|QL's evolution and the benefits for Elastic solutions.

Technical features

Transform your workflows with a dynamic piped query engine

Intuitive and easy to use, ES|QL lets you search, aggregate, calculate, transform, and visualize all from one window for improved accuracy, simplified data investigation, and a unified query experience.

  • Faster queries

    With ES|QL, you can execute searches and aggregations in multiple stages concurrently for greater speed and efficiency.

  • Simplified user experience

    Effortlessly add new stages to refine your results, remap files, compute new items, and more. ES|QL's step-by-step refinement approach ensures easy maintenance and query optimization.

  • New search capabilities

    ES|QL delivers new capabilities — like lookup and joins, allowing you to effortlessly search, aggregate, calculate, and perform data transformations with one query.

  • Quicker insights

    Create visualizations, calculations, and aggregations directly from one screen to condense investigation workflows and get answers faster.

  • Accurate alerting

    Enhance detection accuracy with ES|QL. You can review meaningful trends over isolated incidents, reduce false positives, and get more actionable notifications.

  • Do more with less

    Reduce code complexity and minimize computational overhead. With ES|QL, you can eliminate the need for convoluted scripts and redundant queries.

Demo

See ES|QL in action

Watch a demo to see how ES|QL queries work, dive into example commands, functions, and aggregations, see visualizations, explore alerting, and more.

ES|QL for Elastic Observability

Improve your operational efficiency

With ES|QL, you can use a single query to analyze logs, metrics, traces, and profiling data — plus pinpoint performance bottlenecks and systems issues, reducing time to resolution. And when you combine ES|QL with Elastic machine learning and AIOps, you can identify trends, isolate incidents, reduce false positives, and provide more actionable notifications for improved detection accuracy. Observability data can also be enriched with fields at query time, enabling more contextualized analysis.

ES|QL for Elastic Security

Hunt for threats faster and investigate iteratively

Built to meet the security community's needs, ES|QL transforms how analysts detect and pursue threats. It unleashes the power of piped queries at the speed of Elasticsearch, enhancing the SIEM, endpoint security, and cloud security capabilities of Elastic Security.

With incredibly fast search — and query output in full sight — analysts can draw closer to their target with each successive pipe.

ES|QL for Elastic Search

Simplify dev, optimize performance

Streamline coding and querying with ES|QL. Dive deeper into your data, organize with ease, and troubleshoot effectively. With ES|QL's concurrent processing, you achieve swift performance while saving time and cost. It's not just a query language; it's a developer's pipe dream tool.

ES|QL questions? We have answers.

Get answers to your ES|QL questions, and view our demo to see how you can use it to simplify your workflows and accelerate actionable insights.

Is ES|QL currently available?

Yes! ES|QL is generally available and you can try out ES|QL today through our free cloud trial.

How do Elastic customers try out the query engine and language?

ES|QL is available in Elasticsearch version 8.11 and newer releases. You can download or try it out in our current cloud trial.

Why should Elastic users upgrade to ES|QL?

ES|QL offers:

Greater query speed
With the Elasticsearch Query Engine, you can execute searches in multiple stages concurrently for greater speed and efficiency.

Simplified searching with Elasticsearch and your data
ES|QL makes ingesting and searching your data easier — regardless of data source, structure, complexity, or volume.

A new transformative search engine
The Elasticsearch Query Engine delivers new capabilities like lookup. You can use one query to search, aggregate, calculate, and perform data transformations with ease. In the future, ES|QL will include other features like inline stats and joins.

Faster time to insights
Create visualizations, calculations, and aggregations directly from Kibana Discover to condense investigation workflows in one screen and get answers faster.

Alerting capabilities
With ES|QL, you can set up observability and security alerts with aggregated values as thresholds. Enhance detection accuracy by emphasizing meaningful trends over isolated incidents to reduce false positives and provide more actionable notifications.

How does ES|QL work?

ES|QL is a piped query language that enables the iterative exploration of demands. Review our documentation to see how it works.