Module: Elasticsearch::Helpers::ESQLHelper

Defined in:

lib/elasticsearch/helpers/esql_helper.rb

Overview

Elasticsearch Client Helper for the ES|QL API

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-query-api.html

Class Method Summary

• .query(client, query, params = {}, parser: {}) ⇒ Object

  Query helper for ES|QL.

Class Method Details

.query(client, query, params = {}, parser: {}) ⇒ Object

Query helper for ES|QL

By default, the esql.query API returns a Hash response with the following keys:

• columns with the value being an Array of ‘{ name: type }` Hashes for each column.

• values with the value being an Array of Arrays with the values for each row.

This helper function returns an Array of hashes with the columns as keys and the respective values: ‘{ column => value }`.

Examples:

Using the ES|QL helper

require 'elasticsearch/helpers/esql_helper'
query = "          FROM sample_data\n          | EVAL duration_ms = ROUND(event.duration / 1000000.0, 1)\n        ESQL\nresponse = Elasticsearch::Helpers::ESQLHelper.query(client, query)\n"

Using the ES|QL helper with a parser

response = Elasticsearch::Helpers::ESQLHelper.query(
             client,
             query,
             parser: { '@timestamp' => Proc.new { |t| DateTime.parse(t) } }
           )

Parameters:

• client (Elasticsearch::Client) —

  an instance of the Client to use for the query.

• query (Hash, String) —

  The query to be passed to the ES|QL query API.

• params (Hash) (defaults to: {}) —

  options to pass to the ES|QL query API.

• parser (Hash) (defaults to: {}) —

  Hash of column name keys and Proc values to transform the value of a given column.

See Also:

• https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/Helpers.html#_esql_helper

# File 'lib/elasticsearch/helpers/esql_helper.rb', line 58

def self.query(client, query, params = {}, parser: {})
  response = client.esql.query({ body: { query: query }, format: 'json' }.merge(params))

  columns = response['columns']
  response['values'].map do |value|
    (value.length - 1).downto(0).map do |index|
      key = columns[index]['name']
      value[index] = parser[key].call(value[index]) if value[index] && parser[key]
      { key => value[index] }
    end.reduce({}, :merge)
  end
end