Simplify data investigation: Elasticsearch Piped Query Language (ES|QL)
Try our next-generation transformative piped query language and engine — currently in tech preview. It simplifies workflows and advanced searches while accelerating query response for efficient, seamless, and speedy data processing.
See how ES|QL works. Walk through an investigation and explore how you can improve observability and security workflows for faster, more accurate insights.
Demo ES|QLStart using ES|QL now for an improved Elasticsearch experience — and preview the impact it can make on your team and organization.
Read blogLearn more about ES|QL's evolution and the benefits for Elastic solutions.
Read blogTechnical features
Transform your workflows with a dynamic piped query engine
Intuitive and easy to use, ES|QL lets you search, aggregate, calculate, transform, and visualize all from one window for improved accuracy, simplified data investigation, and a unified query experience.
"ES|QL is going to change everything, and we've been looking forward to it for many years. Once released, it will be our primary query expression language."
Amreth Chandrasehar, director of ML engineering, observability, and site reliability engineering, Informatica
Demo
See ES|QL in action
Watch a demo to see how ES|QL queries work, dive into example commands, functions, and aggregations, see visualizations, explore alerting, and more.
ES|QL for Elastic Observability
Improve your operational efficiency
With ES|QL, you can use a single query to analyze logs, metrics, traces, and profiling data — plus pinpoint performance bottlenecks and systems issues, reducing time to resolution. And when you combine ES|QL with Elastic machine learning and AIOps, you can identify trends, isolate incidents, reduce false positives, and provide more actionable notifications for improved detection accuracy. Observability data can also be enriched with fields at query time, enabling more contextualized analysis.
ES|QL for Elastic Security
Hunt for threats faster and investigate iteratively
Built to meet the security community's needs, ES|QL transforms how analysts detect and pursue threats. It unleashes the power of piped queries at the speed of Elasticsearch, enhancing the SIEM, endpoint security, and cloud security capabilities of Elastic Security.
With incredibly fast search — and query output in full sight — analysts can draw closer to their target with each successive pipe.
ES|QL for Elastic Search
Simplify dev, optimize performance
Streamlining coding and querying with ES|QL. Dive deeper into your data, organize with ease, and troubleshoot effectively. With ES|QL's concurrent processing, you achieve swift performance while saving time and cost. It's not just a query language; it's a developer's pipe dream tool.
ES|QL questions? We have answers.
Get answers to your ES|QL questions, and view our demo to see how you can use it to simplify your workflows and accelerate actionable insights.
Is ES|QL currently available?
You can try out ES|QL today through our free cloud trial. It will be generally available in 2024.
How do Elastic customers try out the query engine and language?
ES|QL is available in tech preview in Elasticsearch version 8.11. You can download or try it out in our current cloud trial.
Why should Elastic users upgrade to ES|QL?
ES|QL offers:
Greater query speed
With Elasticsearch Query Engine, you can execute searches in multiple stages concurrently for greater speed and efficiency.
Simplified searching with Elasticsearch and your data
ES|QL makes ingesting and searching your data easier — regardless of data source, structure, complexity, or volume.
A new transformative search engine
Elasticsearch Query Engine delivers new capabilities like lookup. You can use one query search to aggregate, calculate and perform data transformations with ease. In the future, ES|QL will include other features like inline stats and joins.
Faster time to insights
Create visualizations, calculations, and aggregations directly from Kibana Discover to condense investigation workflows in one screen and get answers faster.
Alerting capabilities
With ES|QL, you can set up observability and security alerts with aggregated values as thresholds. Enhance detection accuracy by emphasizing meaningful trends over isolated incidents to reduce false positives and provide more actionable notifications.
How does ES|QL work?
ES|QL is a piped query language that enables the iterative exploration of demands. Review our documentation to see how it works.
