Using ES|QL in Elastic Security
You can use ES|QL in Elastic Security to investigate events in Timeline and create detection rules. Use the Elastic AI Assistant to build ES|QL queries, or answer questions about the ES|QL query language.
Use ES|QL to investigate events in Timeline
You can use ES|QL in Timeline to filter, transform, and analyze event data stored in Elasticsearch. To start using ES|QL, open the ES|QL tab. To learn more, refer to Investigate events in Timeline.
Use ES|QL to create detection rules
Use the ES|QL rule type to create detection rules using ES|QL queries. The ES|QL rule type supports aggregating and non-aggregating queries. To learn more, refer to Create an ES|QL rule.
Elastic AI Assistant
Use the Elastic AI Assistant to build ES|QL queries, or answer questions about the ES|QL query language. To learn more, refer to AI Assistant.
For AI Assistant to answer questions about ES|QL and write ES|QL queries, you need to enable the knowledge base.