The .es function is used to pull the data from the Elasticsearch instance. The .es function can have multiple parameters and each parameter has a name that can be set inside the parentheses to set the value of that property. The parameter also has an order and we must follow the order to run the expression. If we skip the name of the parameter, Timelion will automatically assign the name as per the chosen order for the values. Now, let's speak about the parameters:
- The first parameter is q, which is used in queries and is used to filter the data based on the given value:
.es(q=*)
.es(q=country:de)
- The second parameter is index, which can be used to specify the name of the Elasticsearch index on which we will perform the operations. In this way, we can apply the query on a single index instead of multiple indices:
.es(index=metricbeat-*)
.es(q=&apos...