Query languages
Elastic Stack Serverless
Elasticsearch provides a number of query languages for interacting with your data.
Name | Description | Use cases | API endpoint |
---|---|---|---|
Query DSL | The primary query language for Elasticsearch. A powerful and flexible JSON-style language that enables complex queries. | Full-text search, semantic search, keyword search, filtering, aggregations, and more. | _search |
ES\|QL | Introduced in 8.11, the Elasticsearch Query Language (ES\|QL) is a piped query language for filtering, transforming, and analyzing data. | Initially tailored towards working with time series data like logs and metrics. Robust integration with Kibana for querying, visualizing, and analyzing data. Does not yet support full-text search. | _query |
EQL | Event Query Language (EQL) is a query language for event-based time series data. Data must contain the @timestamp field to use EQL. | Designed for the threat hunting security use case. | _eql |
Elasticsearch SQL | Allows native, real-time SQL-like querying against Elasticsearch data. JDBC and ODBC drivers are available for integration with business intelligence (BI) tools. | Enables users familiar with SQL to query Elasticsearch data using familiar syntax for BI and reporting. | _sql |
Kibana Query Language (KQL) | Kibana Query Language (KQL) is a text-based query language for filtering data when you access it through the Kibana UI. | Use KQL to filter documents where a value for a field exists, matches a given value, or is within a given range. | N/A |
ES|QL does not yet support all the features of Query DSL. Look forward to new ES|QL features and functionalities in each release.