ES|QL KQL function
query- Query string in KQL query string format.
options-
(Optional) KQL additional options as function named parameters. Available in stack version 9.3.0 and later.
Performs a KQL query. Returns true if the provided KQL query string matches the row.
| query | options | result |
|---|---|---|
| keyword | named parameters | boolean |
| keyword | boolean | |
| text | named parameters | boolean |
| text | boolean |
case_insensitive- (boolean) If true, performs case-insensitive matching for keyword fields. Defaults to false.
time_zone- (keyword) UTC offset or IANA time zone used to interpret date literals in the query string.
default_field- (keyword) Default field to search if no field is provided in the query string. Supports wildcards (*).
boost-
(float) Floating point number used to decrease or increase the relevance scores of the query. Defaults to 1.0.
Use KQL to filter by a specific field value
FROM books
| WHERE KQL("author: Faulkner")
| book_no:keyword | author:text |
|---|---|
| 2378 | [Carol Faulkner, Holly Byers Ochoa, Lucretia Mott] |
| 2713 | William Faulkner |
| 2847 | Colleen Faulkner |
| 2883 | William Faulkner |
| 3293 | Danny Faulkner |
Use KQL with additional options for case-insensitive matching and custom settings
FROM employees
| WHERE KQL("mary", {"case_insensitive": true, "default_field": "first_name", "boost": 1.5})