Module: Elasticsearch::Helpers::ESQLHelper

Defined in:

lib/elasticsearch/helpers/esql_helper.rb

Overview

Elasticsearch Client Helper for the ES|QL API

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-query-api.html

Class Method Summary

• .query(client, query, params = {}, parser: {}) ⇒ Object

  Query helper for ES|QL.

Class Method Details

.query(client, query, params = {}, parser: {}) ⇒ Object

Query helper for ES|QL

By default, the ‘esql.query` API returns a Hash response with the following keys:

• ‘columns` with the value being an Array of `{ name: type }` Hashes for each column.

• ‘values` with the value being an Array of Arrays with the values for each row.

This helper function returns an Array of hashes with the columns as keys and the respective values: ‘{ column => value }`.

Examples:

Using the ES|QL helper

require 'elasticsearch/helpers/esql_helper'
query = <<~ESQL
          FROM sample_data
          | EVAL duration_ms = ROUND(event.duration / 1000000.0, 1)
        ESQL
response = Elasticsearch::Helpers::ESQLHelper.query(client, query)

Using the ES|QL helper with a parser

response = Elasticsearch::Helpers::ESQLHelper.query(
             client,
             query,
             parser: { '@timestamp' => Proc.new { |t| DateTime.parse(t) } }
           )

Parameters:

• client (Elasticsearch::Client) —

  an instance of the Client to use for the query.

• query (Hash, String) —

  The query to be passed to the ES|QL query API.

• params (Hash) (defaults to: {}) —

  options to pass to the ES|QL query API.

• parser (Hash) (defaults to: {}) —

  Hash of column name keys and Proc values to transform the value of a given column.

See Also:

• https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/Helpers.html#_esql_helper

# File 'lib/elasticsearch/helpers/esql_helper.rb', line 58

def self.query(client, query, params = {}, parser: {})
  response = client.esql.query({ body: { query: query }, format: 'json' }.merge(params))

  columns = response['columns']
  response['values'].map do |value|
    (value.length - 1).downto(0).map do |index|
      key = columns[index]['name']
      value[index] = parser[key].call(value[index]) if value[index] && parser[key]
      { key => value[index] }
    end.reduce({}, :merge)
  end
end