|
160 | 160 | scroll_helper.clear
|
161 | 161 | ----
|
162 | 162 | --
|
| 163 | + |
| 164 | +[discrete] |
| 165 | +=== ES|QL Helper |
| 166 | + |
| 167 | +This helpers provides an Object response from the ESQL `query` API instead of the default JSON value. |
| 168 | + |
| 169 | +To use the ES|QL helper, require it in your code: |
| 170 | + |
| 171 | +[source,ruby] |
| 172 | +---- |
| 173 | +require 'elasticsearch/helpers/esql_helper' |
| 174 | +---- |
| 175 | + |
| 176 | +By default, the `query` API returns a Hash response with `columns` and `values` like so: |
| 177 | + |
| 178 | +[source,ruby] |
| 179 | +---- |
| 180 | +query = <<ESQL |
| 181 | + FROM sample_data |
| 182 | + | EVAL duration_ms = ROUND(event.duration / 1000000.0, 1) |
| 183 | +ESQL |
| 184 | +
|
| 185 | +response = client.esql.query(body: { query: query}) |
| 186 | +puts response |
| 187 | +
|
| 188 | +{"columns"=>[ |
| 189 | + {"name"=>"@timestamp", "type"=>"date"}, |
| 190 | + {"name"=>"client.ip", "type"=>"ip"}, |
| 191 | + {"name"=>"event.duration", "type"=>"long"}, |
| 192 | + {"name"=>"message", "type"=>"keyword"}, |
| 193 | + {"name"=>"duration_ms", "type"=>"double"} |
| 194 | +], |
| 195 | +"values"=>[ |
| 196 | + ["2023-10-23T12:15:03.360Z", "172.21.2.162", 3450233, "Connected to 10.1.0.3", 3.5], |
| 197 | + ["2023-10-23T12:27:28.948Z", "172.21.2.113", 2764889, "Connected to 10.1.0.2", 2.8], |
| 198 | + ["2023-10-23T13:33:34.937Z", "172.21.0.5", 1232382, "Disconnected", 1.2], |
| 199 | + ["2023-10-23T13:51:54.732Z", "172.21.3.15", 725448, "Connection error", 0.7], |
| 200 | + ["2023-10-23T13:52:55.015Z", "172.21.3.15", 8268153, "Connection error", 8.3], |
| 201 | + ["2023-10-23T13:53:55.832Z", "172.21.3.15", 5033755, "Connection error", 5.0], |
| 202 | + ["2023-10-23T13:55:01.543Z", "172.21.3.15", 1756467, "Connected to 10.1.0.1", 1.8] |
| 203 | +]} |
| 204 | +---- |
| 205 | + |
| 206 | +The helper returns an Array of hashes with the columns as keys and the respective values. So for the previous example, it would return the following: |
| 207 | + |
| 208 | +[source,ruby] |
| 209 | +---- |
| 210 | +require 'elasticsearch/helpers/esql_helper' |
| 211 | +response = Elasticsearch::Helpers::ESQLHelper.query(client, query) |
| 212 | +
|
| 213 | +puts response |
| 214 | +{"duration_ms"=>3.5, "message"=>"Connected to 10.1.0.3", "event.duration"=>3450233, "client.ip"=>"172.21.2.162", "@timestamp"=>"2023-10-23T12:15:03.360Z"} |
| 215 | +{"duration_ms"=>2.8, "message"=>"Connected to 10.1.0.2", "event.duration"=>2764889, "client.ip"=>"172.21.2.113", "@timestamp"=>"2023-10-23T12:27:28.948Z"} |
| 216 | +{"duration_ms"=>1.2, "message"=>"Disconnected", "event.duration"=>1232382, "client.ip"=>"172.21.0.5", "@timestamp"=>"2023-10-23T13:33:34.937Z"} |
| 217 | +{"duration_ms"=>0.7, "message"=>"Connection error", "event.duration"=>725448, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:51:54.732Z"} |
| 218 | +{"duration_ms"=>8.3, "message"=>"Connection error", "event.duration"=>8268153, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:52:55.015Z"} |
| 219 | +{"duration_ms"=>5.0, "message"=>"Connection error", "event.duration"=>5033755, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:53:55.832Z"} |
| 220 | +{"duration_ms"=>1.8, "message"=>"Connected to 10.1.0.1", "event.duration"=>1756467, "client.ip"=>"172.21.3.15", "@timestamp"=>"2023-10-23T13:55:01.543Z"} |
| 221 | +---- |