Hi all
I'm exploring the ES SQL and I need more information. I only read the getting start on the documentation about SQL.
Is it possible to do a select on logstash or other index present in elastic?
I read examples on flights, but I don't understand where I could find the information about this table in the index pattern.
Thank you
Franco
Hi @franco.federico,
It's not entirely clear for me what you are looking for.
If I got your question right, you can find more information about tables using SHOW TABLES command or DESCRIBE TABLE.
Also, you can use a pattern if you want to query multiple tables.
If I want to do an ES SQL query on logstash index, what is the name of the table or the schema that implement logstash index?
And if I want to do an ES SQL query on other index what is the name of the table or the schema that show that implement a generic index?
Thank you
Franco
I am on the demo.elastic.com
I see filebeat index.
Now I'm trying to do a describe of filebeat in the dev tool and I have no response
Why?
I try with other index but I have the same result. Only for flights it's done.
Thank you
Franco
Because filebeat is not a table/index. By default, Filebeat writes events to multiple indices (daily) named filebeat-[Filebeat_version]-yyyy.MM.dd, where yyyy.MM.dd is the date when the events were indexed.
In demo.elastic.co, you should use
POST _sql?pretty&format=txt
{
"query":"SHOW TABLES LIKE 'filebeat%'"
}
to see the list of filebeat indices and then have a look at one of them with DESCRIBE sql command. For example:
POST _sql?pretty&format=txt
{
"query":"DESCRIBE \"filebeat-7.0.0-2019.05.07-000050\""
}
Thank you for information @Andrei_Stefan.
I suggest to add this example in the documentation because a basic user when found the SQL the first step is to try to exist index.
Bye
Franco
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.