ES|QL query APIedit

Returns search results for an ES|QL (Elasticsearch query language) query.

POST /_query
  "query": """
    FROM library
    | EVAL year = DATE_TRUNC(1 YEARS, release_date)
    | STATS MAX(page_count) BY year
    | SORT year
    | LIMIT 5


POST _query


  • If the Elasticsearch security features are enabled, you must have the read index privilege for the data stream, index, or alias you search.

Query parametersedit

(Optional, string) Separator for CSV results. Defaults to ,. The API only supports this parameter for CSV responses.
(Optional, boolean) Should columns that are entirely null be removed from the columns and values portion of the results? Defaults to false. If true the the response will include an extra section under the name all_columns which has the name of all columns.

(Optional, string) Format for the response. For valid values, refer to Response formats.

You can also specify a format using the Accept HTTP header. If you specify both this parameter and the Accept HTTP header, this parameter takes precedence.

Request bodyedit

(Optional, Boolean) If true, returns results in a columnar format. Defaults to false. The API only supports this parameter for CBOR, JSON, SMILE, and YAML responses. See Columnar results.
(Optional, string) Returns results (especially dates) formatted per the conventions of the locale. For syntax, refer to Returning localized results.
(Optional, array) Values for parameters in the query. For syntax, refer to Passing parameters to a query.
(Required, string) ES|QL query to run. For syntax, refer to Syntax reference.

Response bodyedit

(array of objects) Column name and type for each column returned in values. Each object is a single column.
(array of objects) Column name and type for each queried column. Each object is a single column. This is only returned if drop_null_columns is sent with the request.
(array of arrays) Values for the search results.