To have KQL (kusto query language) support within Kibana & ElasticSearch

[getkub]

Describe the feature: The default languages of Kibana does not have aggregation and on-the-fly transformation of dataset, but Microsoft Products like Sentinel have enabled it using Kusto Query Language (confusingly they also call KQL) https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/

The language is open source and can be ported to other products like Kibana & ElasticSearchh

This feature request is to check such portability options

Describe a specific use case for the feature:

Kusto Language is

• simple to learn
• workflow is simpler and can pipe and assign variable on the fly
• aggregate/lookup functions are all built-in etc
• Have similar structure to Splunk's SPL. So stakeholders who were familiar with Splunk can onboard to Kibana

[elasticmachine]

Pinging @elastic/kibana-app-services (Team:AppServices)

[elasticmachine]

Pinging @elastic/kibana-visualizations @elastic/kibana-visualizations-external (Team:Visualizations)

[PhiZ-9]

Dear Team,

is there any news on this topic?

[stratoula]

@PhiZ-9 hey! From 8.11 we are supporting our new ES|QL language which is piped and easy to learn. Have you seen it?

The ES|QL language:

• creates variables on the fly
• can run aggregations
• supports lookups with the enrich command. An enrich policy should exist but we are going to support joins without the need of a policy
• has similar structure to Splunk's SPL and is an SQL language making it very easy to learn

https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-getting-started.html

With that being said we are currently focusing on this language, supporting Kusto is not on our plans for now.