Query Elasticsearch indices directly using SQL
Maintainer(s):
tlinhart
Installing and Loading
INSTALL elasticsearch FROM community;
LOAD elasticsearch;
Example
-- Basic query.
SELECT * FROM elasticsearch_query(
host := 'localhost',
index := 'products'
);
-- Query with authentication.
SELECT * FROM elasticsearch_query(
host := 'localhost',
index := 'logs-*',
username := 'elastic',
password := 'secret',
use_ssl := true
);
-- Filter pushdown – WHERE clauses are translated to Elasticsearch Query DSL.
SELECT name, price FROM elasticsearch_query(
host := 'localhost',
index := 'products'
)
WHERE category = 'electronics' AND price > 100;
-- Geospatial query pushdown (requires the DuckDB spatial extension).
INSTALL spatial;
LOAD spatial;
SELECT name FROM elasticsearch_query(
host := 'localhost',
index := 'places'
)
WHERE ST_Intersects(ST_GeomFromGeoJSON(geometry), ST_Point(-122.4194, 37.7749));
-- Combine WHERE clause with a base Elasticsearch query.
SELECT title, author FROM elasticsearch_query(
host := 'localhost',
index := 'books',
query := '{"match": {"description": "science fiction"}}'
)
WHERE in_stock = true
LIMIT 10;
About elasticsearch
The DuckDB Elasticsearch extension enables querying Elasticsearch indices directly using SQL. It supports filter, projection and limit pushdown for optimized queries, automatic schema inference from index mappings and handles complex types like nested objects, arrays and geospatial types.
Key features:
- Filter pushdown –
WHEREclauses are translated to Elasticsearch Query DSL. - Projection pushdown – only requested columns are fetched via
_sourcefiltering. - Limit pushdown –
LIMIT/OFFSETclauses are pushed to Elasticsearch. - Automatic schema inference from index mappings with array detection.
- Support for multi-index queries (e.g.
logs-*). - Geospatial types (
geo_point,geo_shape) converted to GeoJSON format. - SSL/TLS support with configurable certificate verification.
- Automatic retry with exponential backoff for transient errors.
For detailed documentation, visit the extension repository.
Added Functions
| function_name | function_type | description | comment | examples |
|---|---|---|---|---|
| elasticsearch_clear_cache | scalar | NULL | NULL | |
| elasticsearch_query | table | NULL | NULL |
Overloaded Functions
| function_name | function_type | description | comment | examples | |—————|—————|————-|———|———-|
Added Types
| type_name | type_size | logical_type | type_category | internal | |———–|———-:|————–|—————|———-|
Added Settings
| name | description | input_type | scope | aliases |
|---|---|---|---|---|
| elasticsearch_batch_size | Number of documents fetched per scroll batch from Elasticsearch | INTEGER | GLOBAL | [] |
| elasticsearch_batch_size_threshold_factor | For small LIMITs, fetch all rows in one request if total rows <= batch_size * factor | INTEGER | GLOBAL | [] |
| elasticsearch_max_retries | Maximum number of retries for transient Elasticsearch errors | INTEGER | GLOBAL | [] |
| elasticsearch_retry_backoff_factor | Exponential backoff factor applied between retries | DOUBLE | GLOBAL | [] |
| elasticsearch_retry_interval | Initial wait time between retries in milliseconds | INTEGER | GLOBAL | [] |
| elasticsearch_sample_size | Number of documents to sample for array detection (0 to disable) | INTEGER | GLOBAL | [] |
| elasticsearch_scroll_time | Scroll context keep-alive duration for data fetching (e.g. '5m', '1h') | VARCHAR | GLOBAL | [] |
| elasticsearch_timeout | Request timeout for Elasticsearch connections in milliseconds | INTEGER | GLOBAL | [] |
| elasticsearch_verify_ssl | Whether to verify SSL certificates when connecting to Elasticsearch | BOOLEAN | GLOBAL | [] |