ES|QL simple search

Discover in Kibana showing ES|QL simple search in light and dark themeDiscover in Kibana showing ES|QL simple search in light and dark theme

Problem

ES|QL is powerful, but its syntax is a barrier. In Kibana’s classic KQL experience, typing something like generic automatically searches across all fields — fast and forgiving. In ES|QL, that same search requires writing FROM logs-* | WHERE QSTR(“generic”), a jump in complexity for what should be a basic query. Users who were comfortable in KQL suddenly had to learn a new language to get to their data.

The gap wasn’t just about syntax. It was about pace. Analysts who used to type a few words and get results were now writing multi-line queries just to replicate what they already knew how to do. The learning curve was slowing down adoption of ES|QL across the product.

Solution

ES|QL simple search sits on top of ES|QL and quietly generates valid queries while users interact with a familiar search interface. It has two modes. By default, it uses natural language: users describe what they’re looking for in plain English, and ES|QL simple search translates that into a fully formed ES|QL query. For users already working in KQL, there’s a dedicated KQL mode that takes their existing expressions and converts them to ES|QL automatically — making the migration path feel seamless rather than disruptive.

Users can open the simple search input by clicking the search button in the editor toolbar or by pressing Command+K, giving it the feel of a native command palette. Once open, they enter a query in natural language or KQL — depending on the mode — and an ES|QL query is generated for them. Every generated query is visible and editable, so simple search also works as a learning mechanism — users gradually absorb ES|QL syntax through repeated exposure rather than formal study.

This was also the first project I prototyped and presented using Vibe Kibana, which set a new pattern for how I design high fidelity prototypes.

Outcomes

ES|QL simple search removes the syntax barrier without removing ES|QL itself. Users get the power of the language without having to learn it upfront, and KQL users get a migration path that doesn’t ask them to stop what they’re doing and study documentation.

← Back