Piped Processing Language (PPL), powered by OpenSearch, enables OpenSearch users with exploration and discovery of, and finding search patterns in data stored in OpenSearch Or S3.
The PPL query start with search command and then flowing a set of command delimited by pipe (|). for example, the following query retrieve firstname and lastname from accounts if age larger than 18.
source=accounts
| where age > 18
| fields firstname, lastname
For additional examples see the next documentation.
-
Commands
-
Functions
Running PPL On Spark gives a basic overview of the PPL language an how it functions on top of Spark
See samples of PPL queries