Index patternsedit

Elasticsearch SQL supports two types of patterns for matching multiple indices or tables:

  • Elasticsearch multi-index

The Elasticsearch notation for enumerating, including or excluding multi index syntax is supported as long as it is quoted or escaped as a table identifier.

For example:

SHOW TABLES "*,-l*";

     name      |     type
---------------+---------------
emp            |BASE TABLE
employees      |ALIAS

Notice the pattern is surrounded by double quotes ". It enumerated * meaning all indices however it excludes (due to -) all indices that start with l. This notation is very convenient and powerful as it allows both inclusion and exclusion, depending on the target naming convention.

  • SQL LIKE notation

The common LIKE statement (including escaping if needed) to match a wildcard pattern, based on one _ or multiple % characters.

Using SHOW TABLES command again:

SHOW TABLES LIKE 'emp%';

     name      |     type
---------------+---------------
emp            |BASE TABLE
employees      |ALIAS

The pattern matches all tables that start with emp.

This command supports escaping as well, for example:

SHOW TABLES LIKE 'emp!%' ESCAPE '!';

     name      |     type
---------------+---------------

Notice how now emp% does not match any tables because %, which means match zero or more characters, has been escaped by ! and thus becomes an regular char. And since there is no table named emp%, an empty table is returned.

In a nutshell, the differences between the two type of patterns are:

Feature Multi index SQL LIKE

Type of quoting

"

'

Inclusion

Yes

Yes

Exclusion

Yes

No

Enumeration

Yes

No

One char pattern

No

_

Multi char pattern

*

%

Escaping

No

ESCAPE

Which one to use, is up to you however try to stick to the same one across your queries for consistency.

Note

As the query type of quoting between the two patterns is fairly similar (" vs '), Elasticsearch SQL always requires the keyword LIKE for SQL LIKE pattern.