Improving Kibana’s Query Language

In 6.0, we introduced a new experimental language for Kibana’s query bar. Since then, we’ve been listening to your feedback and making adjustments. Like all experiments, some things worked and some didn’t. Let’s walk through what’s changing in 6.3, what’s new, and where we’d like to go next.

Another Origin Story

The first iteration of the Kibana query language was complicated. We wanted to unify the query bar and the filter bar, so the new language needed to support every type of filter available. We also wanted to maintain the ease of use of the current Lucene query syntax. We ended up trying to smoosh an advanced functional syntax and a basic query syntax into a single language. This only created confusion for new users who weren’t sure when to use one syntax or the other.

Simplified Syntax

In 6.3, we’ve simplified the language significantly. Instead of trying to cram everything into a single box, we’re focusing solely on ease of use. The functional syntax is gone and the basic syntax has been enhanced. If you’re used to the Lucene query syntax currently used by default in Kibana, you’ll feel right at home with this new language. It’s largely the same, with only a few adjustments and improvements. For example, the range operators changed slightly and we included scripted field support, carried over from the first iteration of the new language. You can read all about the new syntax in the docs.

So we have a new language that looks almost exactly like the old Lucene query language. What’s the big deal? Well, the main benefit of building a language just for Kibana is that Kibana understands it. With a language we can parse and introspect, we can build lots of cool features, and we’ve begun to do just that.


Kibana autocomplete

That’s right, in 6.3 we’re adding autocomplete to Kibana’s query bar. Just start typing and we’ll start giving you suggestions for fields, values (for keyword fields) and query operators. Give your fingers the rest they deserve. Stop trying to remember how to spell every field name. Prefer doing your searches one-handed? Now you can even build queries with your mouse. I won’t say much more, you’ll simply have to try it for yourself. Beware: after trying autocomplete, most people say, “I’ll never be able to use an older version of Kibana again.”

Give it a Spin

Alright, hopefully I’ve enticed you to give this thing a try. The Lucene query syntax is still the default language in Kibana since we’re still experimenting, but opting in to the new language is easier than ever. You no longer have to change anything in Kibana’s advanced settings. Instead, just click the Options button in the query bar and enable the “Turn on query features” toggle.

Kibana query enhancement opt in

Once you’ve had some time to play with Kibana’s new language, let us know what you think! Post in our Discuss forums or chat with us on IRC. File bug reports and enhancement requests on our GitHub repo. Most of the changes we’ve made since 6.0 are a result of user feedback. We really appreciate it! Autocomplete is just the tip of the iceberg. We have a bunch of other ideas in store for Kibana’s new query language. Perhaps that advanced language will even make a solo appearance sometime in the future 😎