We use macros stored in many queries to easily read the data and any change we need to make in the logic, we make the change in only one place and there is no need to access all the places that use the same logic to change them as well.
What is the solution for this in Elastic?
Hi @rachelei - sounds like you might be looking for search templates. These are also leveraged in search applications which you may find useful.
I want to clarify again to make sure your answer does answer my question.
I have a long and complex basic query and it serves as a basis for many other queries.
Until today (in another system) I used a macro command, every time I wanted to write the base query and add additional criteria to it, I used the name of the macro (an alias of the query) and added what was needed to it. (Sometimes in one query I used several different aliases) This is how the alias looks like: Azure_last_report, etc.
Now I want to transfer the complex query to Elastic, using ESQL.
Is it possible to save the same long and basic query with a specific name and in every new search that I create and have to use it as a basis for the search, I can use its alias and I won't have to write it down in full?
In a search template, it seems that only syntaxes / variables can be saved and not a full query, right?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.