Elastic
Loading

Querying and filtering

Elastic Stack Serverless

You can use Elasticsearch as a basic document store to retrieve documents and their metadata. However, the real power of Elasticsearch comes from its advanced search and analytics capabilities.

  • Elasticsearch makes JSON documents searchable and aggregatable. The documents are stored in an index or data stream, which represent one type of data.
  • Searchable means that you can filter the documents for conditions. For example, you can filter for data "within the last 7 days" or data that "contains the word Kibana". Kibana provides many ways for you to construct filters, which are also called queries or search terms.
  • Aggregatable means that you can extract summaries from matching documents. The simplest aggregation is count, and it is frequently used in combination with the date histogram, to see count over time. The terms aggregation shows the most frequent values.

You’ll use a combination of an API endpoint and a query language to interact with your data.

  • Elasticsearch provides a number of query languages. From Query DSL to the newest ES|QL, find the one that's most appropriate for you.

  • You can call Elasticsearch's REST APIs by submitting requests directly from the command line or through the Dev Tools Console in Kibana. From your applications, you can use a client in your programming language of choice.

  • A number of tools are available for you to save, debug, and optimize your queries.

If you're just getting started with Elasticsearch, try the hands-on API quickstart to learn how to add data and run basic searches using Query DSL and the _search endpoint.

When querying your data in Kibana, additional options let you filter the results to just the subset you need. Some of these options are common to most Elastic apps. Check Filtering in Kibana for more details on how to recognize and use them in the UI.