OpenSearch/docs/reference/sql/language/index-patterns.asciidoc

[role="xpack"]
[testenv="basic"]
[[sql-index-pattern]]
== Index patterns

{es-sql} supports two types of patterns for matching multiple indices or tables:

* {es} multi-index

The {es} notation for enumerating, including or excluding <<multi-index,multi index syntax>>
is supported _as long_ as it is quoted or escaped as a table identifier.

For example:

["source","sql",subs="attributes,callouts,macros"]
----
include-tagged::{sql-specs}/docs.csv-spec[showTablesEsMultiIndex]
----

Notice the pattern is surrounded by double quotes `"`. It enumerated `*` meaning all indices however
it excludes (due to `-`) all indices that start with `l`.
This notation is very convenient and powerful as it allows both inclusion and exclusion, depending on
the target naming convention.

* SQL `LIKE` notation

The common `LIKE` statement (including escaping if needed) to match a wildcard pattern, based on one `_`
or multiple `%` characters.

Using `SHOW TABLES` command again:

["source","sql",subs="attributes,callouts,macros"]
----
include-tagged::{sql-specs}/docs.csv-spec[showTablesLikeWildcard]
----

The pattern matches all tables that start with `emp`. 

This command supports _escaping_ as well, for example:

["source","sql",subs="attributes,callouts,macros"]
----
include-tagged::{sql-specs}/docs.csv-spec[showTablesLikeEscape]
----

Notice how now `emp%` does not match any tables because `%`, which means match zero or more characters,
has been escaped by `!` and thus becomes an regular char. And since there is no table named `emp%`,
an empty table is returned.

In a nutshell, the differences between the two type of patterns are:

[cols="^h,^,^",options="header"]
|===
| Feature | Multi index | SQL `LIKE`

| Type of quoting    | `"` | `'`
| Inclusion          | Yes | Yes
| Exclusion          | Yes | No
| Enumeration        | Yes | No
| One char pattern   | No  | `_`
| Multi char pattern | `*` | `%`
| Escaping           | No  | `ESCAPE`

|===

Which one to use, is up to you however try to stick to the same one across your queries for consistency.

NOTE: As the query type of quoting between the two patterns is fairly similar (`"` vs `'`), {es-sql} _always_
requires the keyword `LIKE` for SQL `LIKE` pattern.
SQL: Show/desc commands now support table ids (#33363) Extend SHOW TABLES, DESCRIBE and SHOW COLUMNS to support table identifiers not just SQL LIKE pattern. This allows both Elasticsearch-style multi-index patterns and SQL LIKE. To disambiguate between the two (as the " vs ' can be easy to miss), the grammar now requires LIKE keyword as a prefix for all LIKE-like patterns. Also added some docs comparing the two types of patterns. Fix #33294 2018-09-04 09:54:10 -04:00			`[role="xpack"]`
			`[testenv="basic"]`
			`[[sql-index-pattern]]`
			`== Index patterns`

			`{es-sql} supports two types of patterns for matching multiple indices or tables:`

			`* {es} multi-index`

			`The {es} notation for enumerating, including or excluding <<multi-index,multi index syntax>>`
			`is supported _as long_ as it is quoted or escaped as a table identifier.`

			`For example:`

			`["source","sql",subs="attributes,callouts,macros"]`
			`----`
			`include-tagged::{sql-specs}/docs.csv-spec[showTablesEsMultiIndex]`
			`----`

			Notice the pattern is surrounded by double quotes `"`. It enumerated `*` meaning all indices however
			it excludes (due to `-`) all indices that start with `l`.
			`This notation is very convenient and powerful as it allows both inclusion and exclusion, depending on`
			`the target naming convention.`

			* SQL `LIKE` notation

			The common `LIKE` statement (including escaping if needed) to match a wildcard pattern, based on one `_`
			or multiple `%` characters.

			Using `SHOW TABLES` command again:

			`["source","sql",subs="attributes,callouts,macros"]`
			`----`
			`include-tagged::{sql-specs}/docs.csv-spec[showTablesLikeWildcard]`
			`----`

			The pattern matches all tables that start with `emp`.

			`This command supports _escaping_ as well, for example:`

			`["source","sql",subs="attributes,callouts,macros"]`
			`----`
			`include-tagged::{sql-specs}/docs.csv-spec[showTablesLikeEscape]`
			`----`

			Notice how now `emp%` does not match any tables because `%`, which means match zero or more characters,
			has been escaped by `!` and thus becomes an regular char. And since there is no table named `emp%`,
			`an empty table is returned.`

			`In a nutshell, the differences between the two type of patterns are:`

			`[cols="^h,^,^",options="header"]`
			`\|===`
			\| Feature \| Multi index \| SQL `LIKE`

			\| Type of quoting \| `"` \| `'`
			`\| Inclusion \| Yes \| Yes`
			`\| Exclusion \| Yes \| No`
			`\| Enumeration \| Yes \| No`
			\| One char pattern \| No \| `_`
			\| Multi char pattern \| `*` \| `%`
			\| Escaping \| No \| `ESCAPE`

			`\|===`

			`Which one to use, is up to you however try to stick to the same one across your queries for consistency.`

			NOTE: As the query type of quoting between the two patterns is fairly similar (`"` vs `'`), {es-sql} _always_
			requires the keyword `LIKE` for SQL `LIKE` pattern.