X-Pack ships with a script to run the SQL CLI in its bin directory:

$ ./bin/x-pack/sql-cli

The jar containing the SQL CLI is a stand alone Java application and the scripts just launch it. You can move it around to other machines without having to install Elasticsearch or X-Pack on them.

You can pass the URL of the Elasticsearch instance to connect to as the first parameter:

$ ./bin/x-pack/sql-cli https://some.server:9200

Once the CLI is running you can use any query that Elasticsearch supports:

sql> SELECT * FROM library WHERE page_count > 500 ORDER BY page_count DESC;
     author      |        name        |  page_count   | release_date
Peter F. Hamilton|Pandora's Star      |768            |1078185600000
Vernor Vinge     |A Fire Upon the Deep|613            |707356800000
Frank Herbert    |Dune                |604            |-144720000000
Alastair Reynolds|Revelation Space    |585            |953078400000
James S.A. Corey |Leviathan Wakes     |561            |1306972800000

If you are using Security you need to add a few permissions to users so they can run SQL. To run SQL using the CLI a user needs read, indices:admin/get, and cluster:monitor/main. The following example configures a role that can run SQL in the CLI for the test and bort indices:

    - "cluster:monitor/main"
    - names: test
      privileges: [read, "indices:admin/get"]
    - names: bort
      privileges: [read, "indices:admin/get"]