The Kibana Query Language (KQL) is a simple text-based query language designed for filtering Elasticsearch data. Unlike other query languages, KQL's primary role is data filtering; it does not handle aggregation, transformation, or sorting.
- Filter data using free text search or field-based queries
- Get suggestions for field names, values, and operators as you type
- Ideal for precise data retrieval
- Filter documents where a value for a field exists:
http.request.method: *
- Match specific values:
http.request.method: GET
- Search within a range:
http.response.bytes < 10000
- Combine multiple range queries:
http.response.bytes > 10000 and http.response.bytes <= 20000
- Explore the KQL documentation for detailed syntax and examples
- Use KQL in Kibana's search bar for interactive queries
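Each of the four filter patterns listed above has an equivalent Elasticsearch Query DSL clause (`exists`, `match`, `range`, and `bool` with `filter`), which matters when a filter tested in the search bar has to be reused in an API request. The Python translator below is an added example, not Kibana's own parser: the function names are hypothetical, and it assumes only `and`-joined clauses with integer range bounds, rejecting `or`, `not`, grouping, quoting and wildcard values.

```python
import json
import re

# KQL comparison operators -> Query DSL range keys.
RANGE_OPS = {"<": "lt", "<=": "lte", ">": "gt", ">=": "gte"}
CLAUSE = re.compile(r"^([\w.]+)\s*(:|<=|>=|<|>)\s*(\S+)$")
UNSUPPORTED = re.compile(r"\b(or|not)\b|[()\"]", re.IGNORECASE)

# The four queries shown on this page.
PAGE_QUERIES = [
    "http.request.method: *",
    "http.request.method: GET",
    "http.response.bytes < 10000",
    "http.response.bytes > 10000 and http.response.bytes <= 20000",
]


def clause_to_dsl(clause):
    """Translate one 'field op value' clause into a Query DSL clause."""
    m = CLAUSE.match(clause.strip())
    if not m:
        raise ValueError(f"unsupported KQL clause: {clause!r}")
    field, op, value = m.groups()
    if op in RANGE_OPS:
        # Assumption: integer bounds only; int() raises ValueError otherwise.
        return {"range": {field: {RANGE_OPS[op]: int(value)}}}
    if value == "*":
        # "field: *" keeps documents where the field has any value.
        return {"exists": {"field": field}}
    if "*" in value:
        raise ValueError("wildcard values are outside this subset")
    return {"match": {field: value}}


def kql_to_dsl(query):
    """Translate clauses joined by 'and' into a single Query DSL filter."""
    if UNSUPPORTED.search(query):
        raise ValueError("only 'and'-joined clauses are handled here")
    parts = re.split(r"\s+and\s+", query.strip(), flags=re.IGNORECASE)
    clauses = [clause_to_dsl(p) for p in parts]
    return clauses[0] if len(clauses) == 1 else {"bool": {"filter": clauses}}


if __name__ == "__main__":
    for q in PAGE_QUERIES:
        print(q, "->", json.dumps(kql_to_dsl(q)))
```
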
Kibana Query Language (KQL) is a powerful tool for filtering and querying Elasticsearch data. Whether you’re investigating security incidents, analyzing logs, or monitoring performance, KQL simplifies the process. This is an open-source project, and we invite you to contribute by reporting bugs, enhancing features, and engaging with the Kibana community. Let’s collaborate to make KQL even better! 🚀👍