ES|QL SET directive

The SET directive can be used to specify query settings that modify the behavior of an ES|QL query.

Syntax

SET setting_name = setting_value[, ..., settingN = valueN]; <query>
		

Multiple SET directives can be included in a single query, separated by semicolons. If the same setting is defined multiple times, the last definition takes precedence.

Allowed settings

Enables query approximation if possible for the query. A boolean value false (default) disables query approximation and true enables it with default settings. Map values enable query approximation with custom settings.

Type: boolean map_param

Map entries: - rows ([integer]): Number of sampled rows used for approximating the query. Must be at least 10,000. Null uses the system default.

• confidence_level ([double]): Confidence level of the computed confidence intervals. Default is 0.90. Null disables computing confidence intervals.

Approximate the sum using default settings.

SET approximation=true;
FROM many_numbers | STATS sum=SUM(sv)
		

Approximate the median based on 10,000 rows.

SET approximation={"rows":10000};
FROM many_numbers | STATS median=MEDIAN(sv)
		

The default timezone to be used in the query. Defaults to UTC, and overrides the time_zone request parameter. See timezones.

Type: keyword

SET time_zone = "+05:00";
TS k8s
| WHERE @timestamp == "2024-05-10T00:04:49.000Z"
| STATS by @timestamp, bucket = TBUCKET(3 hours)
| SORT @timestamp
| LIMIT 2
		

Defines how unmapped fields are treated. Possible values are:

• DEFAULT (default) - standard ESQL queries fail when referencing unmapped fields, while other query types (e.g. PromQL) may treat them differently;
• NULLIFY - treats unmapped fields as null values.
• LOAD - attempts to load the fields from the source.

Type: keyword

Make the field null if it is unmapped.

SET unmapped_fields="nullify";
FROM employees
| KEEP emp_*, foo
| SORT emp_no
| LIMIT 1