Skip to content

[DOCS] ES|QL: Adding a tip to the WHERE documentation #114050

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 14, 2024
Merged

[DOCS] ES|QL: Adding a tip to the WHERE documentation #114050

merged 3 commits into from
Oct 14, 2024

Conversation

KyleOnK8s
Copy link
Contributor

The WHERE clause in ES|QL will exclude null results when using a != operator. Examples provided in screenshots. This is the opposite behavior from other query languages supported in Elastic. I tested KQL, Query DSL, and Lucene. I did not test any scripting languages.

This can result in users accidentally excluding data they do not want to. This is especially concerning in Security applications where customers are building their rules to span multiple source types and those source types have mapping conflicts or other field disparity.

There is currently no information on this behavior in the ES|QL support docs. This PR is to address documentation.

No filters (for reference)
No Filters

KQL
KQL

Lucene
Lucene

Query DSL
Query DSL

ES|QL without filters (for reference)
ES|QL No Filters

ES|QL with NOT filter only (excludes the null result)
ES|QL with NOT filter

ES|QL with NOT or IS NULL filter (includes the null result)
ES|QL with NOT or IS NULL filter

@KyleOnK8s KyleOnK8s added the >docs General docs changes label Oct 3, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 3, 2024

Documentation preview:

@elasticsearchmachine
Copy link
Collaborator

@KyleOnK8s please enable the option "Allow edits and access to secrets by maintainers" on your PR. For more information, see the documentation.

@elasticsearchmachine elasticsearchmachine added v9.0.0 Team:Docs Meta label for docs team external-contributor Pull request authored by a developer outside the Elasticsearch team labels Oct 3, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-docs (Team:Docs)

@KyleOnK8s
Copy link
Contributor Author

@KyleOnK8s please enable the option "Allow edits and access to secrets by maintainers" on your PR. For more information, see the documentation.

This option does not appear to exist for me. Docs team, please let me know if you need me to do something differently.

@leemthompo leemthompo added the :Analytics/ES|QL AKA ESQL label Oct 14, 2024
@elasticsearchmachine elasticsearchmachine added the Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) label Oct 14, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-analytical-engine (Team:Analytics)

astefan
astefan reviewed Oct 14, 2024
View reviewed changes
@astefan astefan requested a review from leemthompo October 14, 2024 15:48
@leemthompo leemthompo added auto-backport Automatically create backport pull requests when merged v8.16.0 and removed external-contributor Pull request authored by a developer outside the Elasticsearch team labels Oct 14, 2024
leemthompo
leemthompo approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@leemthompo leemthompo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a nit to remove parenthesis :)

@astefan How far do we need to backport this?

@astefan
Copy link
Contributor

astefan commented Oct 14, 2024

@leemthompo Not sure about backporting. This is the default behavior of ES|QL since the beginning I think, it's nothing new imo. But it's good that we are explicit about this behavior, since ES itself behaves slightly different.

astefan
astefan approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@astefan astefan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@KyleOnK8s @leemthompo
Update docs/reference/esql/processing-commands/where.asciidoc
ba830d3 
Rephrasing for clarity

Co-authored-by: Liam Thompson <[email protected]>
leemthompo
leemthompo approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@leemthompo leemthompo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

@KyleOnK8s KyleOnK8s merged commit ee74ce5 into main Oct 14, 2024
6 checks passed
@KyleOnK8s KyleOnK8s deleted the docs/esql-where-update branch October 14, 2024 18:05
davidkyle pushed a commit to davidkyle/elasticsearch that referenced this pull request Oct 14, 2024
@KyleOnK8s @astefan
@leemthompo @davidkyle
[DOCS] ES|QL: Adding a tip to the WHERE documentation (elastic#114050)
ee7589e 
* Adding a tip to make null field behavior more apparent.

* Update docs/reference/esql/processing-commands/where.asciidoc

Co-authored-by: Andrei Stefan <[email protected]>

* Update docs/reference/esql/processing-commands/where.asciidoc

Rephrasing for clarity

Co-authored-by: Liam Thompson <[email protected]>

---------

Co-authored-by: Andrei Stefan <[email protected]>
Co-authored-by: Liam Thompson <[email protected]>
davidkyle pushed a commit that referenced this pull request Oct 15, 2024
@KyleOnK8s @astefan
@leemthompo @davidkyle
[DOCS] ES|QL: Adding a tip to the WHERE documentation (#114050)
e314db3 
* Adding a tip to make null field behavior more apparent.

* Update docs/reference/esql/processing-commands/where.asciidoc

Co-authored-by: Andrei Stefan <[email protected]>

* Update docs/reference/esql/processing-commands/where.asciidoc

Rephrasing for clarity

Co-authored-by: Liam Thompson <[email protected]>

---------

Co-authored-by: Andrei Stefan <[email protected]>
Co-authored-by: Liam Thompson <[email protected]>
georgewallace pushed a commit to georgewallace/elasticsearch that referenced this pull request Oct 25, 2024
@KyleOnK8s @astefan
@leemthompo @georgewallace
[DOCS] ES|QL: Adding a tip to the WHERE documentation (elastic#114050)
71fb871 
* Adding a tip to make null field behavior more apparent.

* Update docs/reference/esql/processing-commands/where.asciidoc

Co-authored-by: Andrei Stefan <[email protected]>

* Update docs/reference/esql/processing-commands/where.asciidoc

Rephrasing for clarity

Co-authored-by: Liam Thompson <[email protected]>

---------

Co-authored-by: Andrei Stefan <[email protected]>
Co-authored-by: Liam Thompson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@astefan astefan astefan approved these changes

@leemthompo leemthompo leemthompo approved these changes

Assignees

No one assigned

Labels

:Analytics/ES|QL AKA ESQL auto-backport Automatically create backport pull requests when merged >docs General docs changes Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) Team:Docs Meta label for docs team v8.14.0 v8.15.0 v8.16.0 v9.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@KyleOnK8s @elasticsearchmachine @astefan @leemthompo