Skip to content

ES|QL: support nested fields #107434

New issue
New issue
Open
Open
ES|QL: support nested fields#107434
Labels
:Analytics/ES|QLAKA ESQL>enhancementTeam:AnalyticsMeta label for analytical engine team (ESQL/Aggs/Geo)
@thomasneirynck

Description

@thomasneirynck
thomasneirynck
opened on Apr 12, 2024

Description

ES|QL should support nested-fields.

Consider something along the lines of:

  • A command to unpack a nested fields into rows.

e.g.:
FROM foobar | EXPAND my_nested_field by_path "pathtonestedfield | ...

This would yield a denormalized table, something like

foobar1-fieldX, foobar1-fieldY, ..., childa
foobar1-fieldX, foobar1-fieldY, ..., childb
foobar2-fieldX, foobar2-fieldY, ..., childa
foobar2-fieldX, foobar2-fieldY, ..., childb
foobar2-fieldX, foobar2-fieldY, ..., childc
...
  • New/overloaded aggregations that support a path-parameter

e.g.

FROM foobar | STAT avg_nested(my_nested_field, "child_path") BY ...
  • ... or any other number of approaches

A downstream benefit is that nested-field support in ES|QL would immediately enable visualization support for them in Kibana (elastic/kibana#1084)

Metadata

Metadata

Assignees

No one assigned

    Labels

    :Analytics/ES|QLAKA ESQL>enhancementTeam:AnalyticsMeta label for analytical engine team (ESQL/Aggs/Geo)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions