Awesome
Open Distro for Elasticsearch SQL
Open Distro for Elasticsearch enables you to extract insights out of Elasticsearch using the familiar SQL query syntax. Use aggregations, group by, and where clauses to investigate your data. Read your data as JSON documents or CSV tables so you have the flexibility to use the format that works best for you.
SQL Related Projects
The following projects have been merged into this repository as separate folders as of July 9, 2020. Please refer to links below for details. This document will focus on the SQL plugin for Elasticsearch.
Documentation
Please refer to the SQL Language Reference Manual, Piped Processing Language (PPL) Reference Manual and Technical Documentation for detailed information on installing and configuring opendistro-elasticsearch-sql plugin. Looking to contribute? Read the instructions on Development Guide and then submit a patch!
Experimental
Recently we have been actively improving our query engine primarily for better correctness and extensibility. Behind the scene, the new enhanced engine has already supported the new released Piped Processing Language. However, it was experimental and disabled by default for SQL query processing. With most important features and full testing complete, now we're ready to promote it as our default SQL query engine. Please find more details in An Introduction to the New SQL Query Engine.
Setup
Install as plugin: build plugin from source code by following the instruction in Build section and install it to your Elasticsearch.
After doing this, you need to restart the Elasticsearch server. Otherwise you may get errors like Invalid index name [sql], must not start with '']; ","status":400}
.
Build
The package uses the Gradle build system.
- Checkout this package from version control.
- To build from command line set
JAVA_HOME
to point to a JDK >=14 - Run
./gradlew build
Basic Usage
To use the feature, send requests to the _opendistro/_sql
URI. You can use a request parameter or the request body (recommended).
- Simple query
POST https://<host>:<port>/_opendistro/_sql
{
"query": "SELECT * FROM my-index LIMIT 50"
}
- Explain SQL to elasticsearch query DSL
POST _opendistro/_sql/_explain
{
"query": "SELECT * FROM my-index LIMIT 50"
}
- For a sample curl command with the Open Distro for Elasticsearch Security plugin, try:
curl -XPOST https://localhost:9200/_opendistro/_sql -u admin:admin -k -d '{"query": "SELECT * FROM my-index LIMIT 10"}' -H 'Content-Type: application/json'
SQL Usage
-
Query
SELECT * FROM bank WHERE age >30 AND gender = 'm'
-
Aggregation
SELECT COUNT(*),SUM(age),MIN(age) as m, MAX(age),AVG(age) FROM bank GROUP BY gender HAVING m >= 20 ORDER BY SUM(age), m DESC
-
Join
SELECT b1.firstname, b1.lastname, b2.age FROM bank b1 LEFT JOIN bank b2 ON b1.age = b2.age AND b1.state = b2.state
-
Show
SHOW TABLES LIKE ban% DESCRIBE TABLES LIKE bank
-
Delete
DELETE FROM bank WHERE age >30 AND gender = 'm'
Beyond SQL
-
Search
SELECT address FROM bank WHERE address = matchQuery('880 Holmes Lane') ORDER BY _score DESC LIMIT 3
-
Nested Field
SELECT address FROM bank b, b.nestedField e WHERE b.state = 'WA' and e.name = 'test'
-
SELECT address, nested(nestedField.name) FROM bank WHERE nested(nestedField, nestedField.state = 'WA' AND nestedField.name = 'test') OR nested(nestedField.state) = 'CA'
-
-
Aggregations
-
range age group 20-25,25-30,30-35,35-40
SELECT COUNT(age) FROM bank GROUP BY range(age, 20,25,30,35,40)
-
range date group by day
SELECT online FROM online GROUP BY date_histogram(field='insert_time','interval'='1d')
-
range date group by your config
SELECT online FROM online GROUP BY date_range(field='insert_time','format'='yyyy-MM-dd' ,'2014-08-18','2014-08-17','now-8d','now-7d','now-6d','now')
-
-
ES Geographic
SELECT * FROM locations WHERE GEO_BOUNDING_BOX(fieldname,100.0,1.0,101,0.0)
-
Select type or pattern
SELECT * FROM indexName/type SELECT * FROM index*
SQL Features
- SQL Select
- SQL Delete
- SQL Where
- SQL Order By
- SQL Group By
- SQL Having
- SQL Inner Join
- SQL Left Join
- SQL Show
- SQL Describe
- SQL AND & OR
- SQL Like
- SQL COUNT distinct
- SQL In
- SQL Between
- SQL Aliases
- SQL Not Null
- SQL(ES) Date
- SQL avg()
- SQL count()
- SQL max()
- SQL min()
- SQL sum()
- SQL Nulls
- SQL isnull()
- SQL floor
- SQL trim
- SQL log
- SQL log10
- SQL substring
- SQL round
- SQL sqrt
- SQL concat_ws
- SQL union and minus
JDBC Support
Please check out JDBC driver repository for more details.
Beyond sql features
- ES TopHits
- ES MISSING
- ES STATS
- ES GEO_INTERSECTS
- ES GEO_BOUNDING_BOX
- ES GEO_DISTANCE
- ES GEOHASH_GRID aggregation
Attribution
This project is based on the Apache 2.0-licensed elasticsearch-sql project. Thank you eliranmoyal, shi-yuan, ansjsun and everyone else who contributed great code to that project. Read this for more details Attributions.
Code of Conduct
This project has adopted an Open Source Code of Conduct.
Security issue notifications
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Licensing
See the LICENSE file for our project's licensing. We will ask you to confirm the licensing of your contribution.
Copyright
Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.