Piped Processing Language (PPL) lets users discover and explore search patterns across data stored in OpenSearch. By using a comprehensive portfolio of commands alongside functions, advanced operators, and expressions, users can effectively discover and explore log, monitoring, and observability data stored in OpenSearch.
PPL uses a set of commands delimited by pipes that provide read-only requests to process data and return results. Its highly simplified query syntax doesn’t have the steep learning curve or complexity of Query DSL or SQL, so new users can start uncovering insights from day one. With PPL, developers, engineers, and IT managers can effectively discover and explore log, monitoring, and observability data to remediate issues faster and provide a better experience for users.
The power of Piped Processing Language
Piped syntax
Every PPL query uses piped syntax, starting with the search command that specifies the index for the search and retrieval of documents. From there, you can place subsequent commands in any order.
Commands
PPL filters, transforms, and aggregates data using an extensive series of commands that include search, where, fields, rename, dedup, sort, eval, head, top, rare, and many more.
Event analytics
Using PPL queries, you can create data visualizations in OpenSearch Dashboards through Event analytics in OpenSearch Observability.
Functions
PPL functions pass input along stages of your observability pipeline, so you can compose elegant data transformation workflows.
The right blend of simplicity and capability
Enhanced analysis
PPL handles semi-structured data efficiently, so it’s particularly effective for observability data like logs, metrics, and traces.
Simplified queries
Simple query strings make writing, reading, and maintaining your queries more straightforward while providing greater tolerance for faults.
Powered by OpenSearch
PPL is powered by OpenSearch, so it fits naturally into the suite’s query tools and observability capabilities.
Expanded Workbench capabilities
The OpenSearch Query Workbench provides an interactive testing environment, so you can experiment with queries in a non-production environment.
Comprehensive commands
A wide array of commands means you can make your queries as flexible and extensive as you need.
Putting Piped Processing Language into action with OpenSearch Observability
Learn how to use PPL with OpenSearch to power more manageable and comprehensive observability.
| Understand syntax | Develop proficiency with PPL queries to unlock greater observability. |
| Integrate Calcite | Integrate an open -source framework for your PPL query engine. |
| Construct queries | Activate a full complement of querying tools to enhance observability. |
| Implement PPL | Run PPL queries programmatically or interactively in OpenSearch Dashboards. |
Get started with OpenSearch
Unlock actionable insights today. Explore our documentation for OpenSearch observability.
