Skip to content

Update ESQL for Search landing page, tutorial for 9.1 #1797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Jul 7, 2025
Merged

Update ESQL for Search landing page, tutorial for 9.1 #1797

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
6847a34
Update ESQL for Search landing page, tutorial for 9.1
leemthompo Jun 19, 2025
ac59284
use present tense
leemthompo Jun 19, 2025
eae2ac8
fix on-page links
leemthompo Jun 20, 2025
fc82eb1
Update applies_to
leemthompo Jun 24, 2025
48ad356
Merge branch 'main' into leemthompo/esql-search-9.1
leemthompo Jun 27, 2025
d79f882
Updates per Carlos review
leemthompo Jul 2, 2025
1664d4c
restore explicit id
leemthompo Jul 2, 2025
444ea92
ok fine whatever docs-builder you got me
leemthompo Jul 2, 2025
82b9ff7
Merge branch 'main' into leemthompo/esql-search-9.1
leemthompo Jul 7, 2025
6b51b3d
Use variable, incorporate Bogi's suggestion
leemthompo Jul 7, 2025
824d8fa
fix urls
leemthompo Jul 7, 2025
8a4af09
should have gone back to bed
leemthompo Jul 7, 2025
8afd0f6
🫠
leemthompo Jul 7, 2025
7a6335c
Merge branch 'main' into leemthompo/esql-search-9.1
leemthompo Jul 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
164 changes: 57 additions & 107 deletions solutions/search/esql-for-search.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,162 +16,112 @@ products:
This page provides an overview of how to use {{esql}} for search use cases.

::::{tip}
Prefer to get started with a hands-on tutorial? Check out [Search and filter with {{esql}}](esql-search-tutorial.md).
For a hands-on tutorial check out [Search and filter with {{esql}}](esql-search-tutorial.md).
::::

## {{esql}} search quick reference

## Overview
The following table summarizes the key search features available in [{{esql}}](/explore-analyze/query-filter/languages/esql.md) and when they were introduced, organized chronologically by release.

The following table summarizes the key search features available in [{{esql}}](/explore-analyze/query-filter/languages/esql.md) and when they were introduced.
| Feature | Description | Available since |
|---------|-------------|----------------|
| [Match function/operator](#match-function-and-operator) | Perform basic text searches with `MATCH` function or match operator (`:`) | 8.17 |
| [Query string function](#query-string-qstr-function) | Execute complex queries with `QSTR` using Query String syntax | 8.17 |
| [Relevance scoring](#esql-for-search-scoring) | Calculate and sort by relevance with `METADATA _score` | 8.18/9.0 |
| [Semantic search](#semantic-search) | Perform semantic searches on `semantic_text` field types | 8.18/9.0 |
| [Hybrid search](#hybrid-search) | Combine lexical and semantic search approaches with custom weights | 8.18/9.0 |
| [Kibana Query Language](#kql-function) | Use Kibana Query Language with the `KQL` function | 8.18/9.0 |
| [Match phrase function](#match_phrase-function) | Perform phrase matching with `MATCH_PHRASE` function | 8.19/9.1 |

| Feature | Available since | Description |
|---------|----------------|-------------|
| [Full text search functions](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md) | 8.17 | Perform basic text searches with `MATCH` function or match operator (`:`) |
| [Query string function](#esql-for-search-query-string) | 8.17 | Execute complex queries with `QSTR` using Query String syntax |
| [Relevance scoring](#esql-for-search-scoring) | 8.18/9.0 | Calculate and sort by relevance with `METADATA _score` |
| Enhanced match options | 8.18/9.0 | Configure text searches with additional parameters for the `MATCH` function |
| [Kibana Query Language](#esql-for-search-kql) | 8.18/9.0 | Use Kibana Query Language with the `KQL` function |
| [Semantic search](#esql-for-search-semantic) | 8.18/9.0 | Perform semantic searches on `semantic_text` field types |
| [Hybrid search](#esql-for-search-hybrid) | 8.18/9.0 | Combine lexical and semantic search approaches with custom weights |
## How search works in {{esql}}

## Filtering vs. searching [esql-filtering-vs-searching]
{{esql}} provides two distinct approaches for finding documents: filtering and searching. Understanding the difference is crucial for building effective queries and choosing the right approach for your use case.

{{esql}} can be used for both simple filtering and relevance-based searching:
**Filtering** removes documents that don't meet your criteria. It's a binary yes/no decision - documents either match your conditions or they don't. Filtering is faster because it doesn't calculate relevance scores and leverages efficient index structures for exact matches, ranges, and boolean logic.

* **Filtering** removes non-matching documents without calculating relevance scores
* **Searching** both filters documents and ranks them by how well they match the query
**Searching** both filters documents and ranks them by relevance. It calculates a score for each matching document based on how well the content matches your query, allowing you to sort results from most relevant to least relevant. Search functions use advanced text analysis including stemming, synonyms, and fuzzy matching.

Note that filtering is faster than searching, because it doesn't require score calculations.
**When to choose filtering:**
- Exact category matches (`category.keyword == "Electronics"`)
- Date ranges (`date >= "2023-01-01"`)
- Numerical comparisons (`price < 100`)
- Any scenario where you want all matching results without ranking

### Relevance scoring [esql-for-search-scoring]

To get the most relevant results first, you need to use `METADATA _score` and sort by score. For example:

```esql
FROM books METADATA _score
| WHERE match(title, "Shakespeare") OR match(plot, "Shakespeare")
| SORT _score DESC
```

### How `_score` works [esql-for-search-how-scoring-works]
**When to choose searching:**
- Text queries where some results are more relevant than others
- Finding documents similar to a search phrase
- Any scenario where you want the "best" matches first
- You want to use [analyzers](elasticsearch://reference/elasticsearch/mapping-reference/analyzer.md) or [synonyms](/solutions/search/full-text/search-with-synonyms.md)

When working with relevance scoring in {{esql}}:
{{esql}}'s search functions address several key limitations that existed for text filtering: they work directly on multivalued fields, leverage analyzers for proper text analysis, and use optimized Lucene index structures for better performance.

* If you don't include `METADATA _score` in your query, this only performs filtering operations with no relevance calculation.
* When you include `METADATA _score`, any search function included in `WHERE` conditions contribute to the relevance score. This means that every occurrence of `MATCH`, `QSTR` and `KQL` will affect the score.
* Filtering operations that are not search functions, like range conditions and exact matches, don't affect the score.
* Including `METADATA _score` doesn't automatically sort your results by relevance. You must explicitly use `SORT _score DESC` or `SORT _score ASC` to order your results by relevance.
### Relevance scoring [esql-for-search-scoring]

## Full text search [esql-for-search-full-text]
To get relevance-ranked results, you must explicitly request scoring with `METADATA _score` and sort by the score. Without this, even search functions like `MATCH` will only filter documents without ranking them.

### `MATCH` function and operator [esql-for-search-match-function-operator]
**Without `METADATA _score`**: All operations are filtering-only, even `MATCH`, `QSTR`, and `KQL` functions. Documents either match or don't match - no ranking occurs.

{{esql}} offers two syntax options for `match`, which replicate the functionality of [match](elasticsearch://reference/query-languages/query-dsl/query-dsl-match-query.md) queries in Query DSL.
**With `METADATA _score`**: [Search functions](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md) contribute to relevance scores, while filtering operations (range conditions, exact matches) don't affect scoring. You must explicitly use `SORT _score DESC` to see the most relevant results first.

Use the compact operator syntax (`:`) for simple text matching with default parameters.
This gives you full control over when to use fast filtering versus slower but more powerful relevance-based searching.

```esql
FROM logs | WHERE message: "connection error"
```
## Search functions

Use the `match()` function syntax when you need to pass additional parameters:
The following functions provide text-based search capabilities in {{esql}} with different levels of precision and control.

```esql
FROM products | WHERE match(name, "laptop", { "boost": 2.0 })
```
### `MATCH` function and operator

These full-text functions address several key limitations that existed for text filtering in {{esql}}:
{{esql}} offers two syntax options for match, which replicate the functionality of [match](elasticsearch://reference/query-languages/query-dsl/query-dsl-match-query.md) queries in Query DSL.

* They work directly on multivalued fields, returning results when any value in a multivalued field matches the query
* They leverage analyzers, ensuring the query is analyzed with the same process as the indexed data (enabling case-insensitive matching, ASCII folding, stopword removal, and synonym support)
* They are highly performant, using Lucene index structures rather than pattern matching or regular expressions to locate terms in your data
- Use the compact [operator syntax (:)](elasticsearch://reference/query-languages/esql/functions-operators/operators.md#esql-match-operator) for simple text matching with default parameters.
- Use the [MATCH function syntax](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-match) for more control over the query, such as specifying analyzers, fuzziness, and other parameters.

Refer to this blog for more context: [Introducing full text filtering in {{esql}}](https://www.elastic.co/search-labs/blog/filtering-in-esql-full-text-search-match-qstr).
Refer to the [tutorial](esql-search-tutorial.md#step-3-basic-search-operations) for examples of both syntaxes.

::::{tip}
See [Match field parameters](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-match) for more advanced options using match.
::::
### `MATCH_PHRASE` function

::::{important}
These queries match documents but don't automatically sort by relevance. To get the most relevant results first, you need to use `METADATA _score` and sort by score. See [Relevance scoring](#esql-for-search-scoring) for more information.
::::
Use the [`MATCH_PHRASE` function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-match_phrase) to perform a `match_phrase` query on the specified field. This is equivalent to using the [match_phrase query](elasticsearch://reference/query-languages/query-dsl/query-dsl-match-query-phrase.md) in Query DSL.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Use the [`MATCH_PHRASE` function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-match_phrase) to perform a `match_phrase` query on the specified field. This is equivalent to using the [match_phrase query](elasticsearch://reference/query-languages/query-dsl/query-dsl-match-query-phrase.md) in Query DSL.
Use the [`MATCH_PHRASE` function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-match_phrase) to perform a `match_phrase` query, equivalent to the [match_phrase query](elasticsearch://reference/query-languages/query-dsl/query-dsl-match-query-phrase.md) in Query DSL.


### Query string (`QSTR`) function [esql-for-search-query-string]
For exact phrase matching rather than individual word matching, use `MATCH_PHRASE`.

The [`qstr` function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-qstr) provides the same functionality as the Query DSL's `query_string` query. This is for advanced use cases, such as wildcard searches, searches across multiple fields, and more.
### Query string (`QSTR`) function

```esql
FROM articles METADATA _score
| WHERE QSTR("(new york city) OR (big apple)")
| SORT _score DESC
| LIMIT 10
```
The [`qstr` function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-qstr) provides the same functionality as the Query DSL's `query_string` query. This enables advanced search patterns with wildcards, boolean logic, and multi-field searches.

For complete details, refer to the [Query DSL `query_string` docs](elasticsearch://reference/query-languages/query-dsl/query-dsl-query-string-query.md).

### `KQL` function [esql-for-search-kql]

Use the [KQL function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-kql) to use the [Kibana Query Language](/explore-analyze/query-filter/languages/kql.md) in your {{esql}} queries:

```esql
FROM logs*
| WHERE KQL("http.request.method:GET AND agent.type:filebeat")
```

The `kql` function is useful when transitioning queries from Kibana's Discover, Dashboard, or other interfaces that use KQL. This will allow you to gradually migrate queries to {{esql}} without needing to rewrite them all at once.
### `KQL` function

## Semantic search [esql-for-search-semantic]
Use the [KQL function](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md#esql-kql) to use the [Kibana Query Language](/explore-analyze/query-filter/languages/kql.md) in your {{esql}} queries.

You can perform semantic searches over [`semantic_text`](elasticsearch://reference/elasticsearch/mapping-reference/semantic-text.md) field types using the same match syntax as full-text search.
For migrating queries from other Kibana interfaces, the `KQL` function preserves existing query syntax and allows gradual migration to {{esql}} without rewriting existing Kibana queries.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure of the word "interfaces".

Suggested change
For migrating queries from other Kibana interfaces, the `KQL` function preserves existing query syntax and allows gradual migration to {{esql}} without rewriting existing Kibana queries.
If you are familiar with other query languages in Kibana before, the `KQL` function preserves existing query syntax and allows gradual migration to {{esql}} without rewriting existing Kibana queries.


This example uses the match operator `:`:
## Advanced search capabilities

```esql
FROM articles METADATA _score
| WHERE semantic_content: "What are the impacts of climate change on agriculture?"
| SORT _score DESC
```
### Semantic search

This example uses the match function:
[Semantic search](/solutions/search/semantic-search.md) leverages machine learning models to understand the meaning of text, enabling more accurate and context-aware search results.

```esql
FROM articles METADATA _score
| WHERE match(semantic_content, "What are the impacts of climate change on agriculture?")
| SORT _score DESC
```
In {{esql}}, you can perform semantic searches on [`semantic_text`](elasticsearch://reference/elasticsearch/mapping-reference/semantic-text.md) field types using the same match syntax as full-text search.

## Hybrid search [esql-for-search-hybrid]
Refer to [semantic search with semantic_text](/solutions/search/semantic-search/semantic-search-semantic-text.md) for an example or follow the [tutorial](esql-search-tutorial.md#step-5-semantic-search-and-hybrid-search).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Refer to [semantic search with semantic_text](/solutions/search/semantic-search/semantic-search-semantic-text.md) for an example or follow the [tutorial](esql-search-tutorial.md#step-5-semantic-search-and-hybrid-search).
For an example, see [semantic search with semantic_text](/solutions/search/semantic-search/semantic-search-semantic-text.md) or follow the [semantic search tutorial](esql-search-tutorial.md#step-5-semantic-search-and-hybrid-search).


[Hybrid search](/solutions/search/hybrid-search.md) combines lexical and semantic search with custom weights:
### Hybrid search

```esql
FROM books METADATA _score
| WHERE match(semantic_title, "fantasy adventure", { "boost": 0.75 })
OR match(title, "fantasy adventure", { "boost": 0.25 })
| SORT _score DESC
```
[Hybrid search](/solutions/search/hybrid-search.md) combines lexical and semantic search with custom weights to leverage both exact keyword matching and semantic understanding.

## Limitations [esql-for-search-limitations]

Refer to [{{esql}} limitations](elasticsearch://reference/query-languages/esql/limitations.md#esql-limitations-full-text-search) for a list of known limitations.
Refer to [hybrid search with semantic_text](hybrid-semantic-text.md) for an example or follow the [tutorial](esql-search-tutorial.md#step-5-semantic-search-and-hybrid-search).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment as before.


## Next steps [esql-for-search-next-steps]

### Tutorials and how-to guides [esql-for-search-tutorials]

- [Search and filter with {{esql}}](esql-search-tutorial.md): Hands-on tutorial for getting started with search tools in {{esql}}
- [Semantic search with semantic_text](semantic-search/semantic-search-semantic-text.md): Learn how to use the `semantic_text` field type
- [Search and filter with {{esql}}](esql-search-tutorial.md): Hands-on tutorial for getting started with search tools in {{esql}}, with concrete examples of the functionalities described in this page

### Technical reference [esql-for-search-reference]

- [Search functions](elasticsearch://reference/query-languages/esql/functions-operators/search-functions.md): Complete reference for all search functions
- [Limitations](elasticsearch://reference/query-languages/esql/limitations.md#esql-limitations-full-text-search): Current limitations for search in {{esql}}

### Background concepts [esql-for-search-concepts]

- [Analysis](/manage-data/data-store/text-analysis.md): Learn how text is processed for full-text search
- [Semantic search](semantic-search.md): Get an overview of semantic search in Elasticsearch
- [Query vs filter context](elasticsearch://reference/query-languages/query-dsl/query-filter-context.md): Understand the difference between query and filter contexts in Elasticsearch
- [Limitations](elasticsearch://reference/query-languages/esql/limitations.md#esql-limitations-full-text-search): Current limitations for search functions in {{esql}}

### Related blog posts [esql-for-search-blogs]

Expand Down
Loading
Loading