
The Open Distro project is archived. Open Distro development has moved to OpenSearch. The Open Distro plugins will continue to work with legacy versions of Elasticsearch OSS, but we recommend upgrading to OpenSearch to take advantage of the latest features and improvements.

Identifiers

An identifier is an ID to name your database objects, such as index names, field names, aliases, and so on. Elasticsearch supports two types of identifiers: regular identifiers and delimited identifiers.

Regular identifiers

A regular identifier is a string of characters that starts with an ASCII letter (lower or upper case). Each subsequent character can be a letter, digit, or underscore (_). It can’t be a reserved keyword, and whitespace and other special characters are not allowed.

Elasticsearch supports the following regular identifiers:

  1. Identifiers prefixed by a dot (.). Used to hide an index, for example .kibana.
  2. Identifiers prefixed by an @ sign. Used for meta fields generated by Logstash ingestion.
  3. Identifiers with a hyphen (-) in the middle. Used for index names with date information.
  4. Identifiers that contain a star (*). Used for wildcard matching of index patterns.

For regular identifiers, you can use the name without any back tick or escape characters. In this example, source, fields, account_number, firstname, and lastname are all identifiers. Out of these, the source field is a reserved identifier.

source=accounts | fields account_number, firstname, lastname;

account_number  firstname  lastname
1               Amber      Duke
6               Hattie     Bond
13              Nanette    Bates
18              Dale       Adams

Delimited identifiers

A delimited identifier can contain special characters not allowed by a regular identifier. You must enclose delimited identifiers with back ticks (``). Back ticks differentiate the identifier from special characters.

If the index name includes a dot (.), for example, log-2021.01.11, enclose it in back ticks to escape it: `log-2021.01.11`.

Typical examples of using delimited identifiers:

  1. Identifiers with reserved keywords.
  2. Identifiers that contain a dot (.). Similarly, a hyphen (-) used to include date information.
  3. Identifiers with other special characters. For example, Unicode characters.

To quote an index name with back ticks:

source=`accounts` | fields `account_number`;

account_number
1
6
13
18

Case sensitivity

Identifiers are case sensitive. They must be exactly the same as what’s stored in Elasticsearch.

For example, if you run source=Accounts, you’ll get an index not found exception because the actual index name is in lower case.
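
When a query string is assembled from index or field names that come from outside the program, the rules above decide whether a name can be written bare or must be enclosed in back ticks. The following Python code is an added example, not part of the Open Distro documentation. Its function names, its regular expression (one reading of the rules on this page), its reserved-word set (only source, the one keyword this page names), and its rejection of names containing a back tick (the page gives no escape rule for one) are assumptions.

```python
import re

# Assumption: the page names only `source` as a reserved keyword; extend this
# set with the full keyword list of the PPL version in use.
RESERVED = {"source"}

# One reading of the regular-identifier rules: optional leading . or @, then
# letters, digits, underscores and *, with hyphens allowed only in the middle.
_REGULAR = re.compile(r"[.@]?[A-Za-z*][A-Za-z0-9_*]*(?:-[A-Za-z0-9_*]+)*")


def is_regular(name: str) -> bool:
    """True if the name can appear in a query without back ticks."""
    # Keyword comparison ignores case (an assumption); quoting a name that
    # did not strictly need it is harmless.
    return bool(_REGULAR.fullmatch(name)) and name.lower() not in RESERVED


def ppl_identifier(name: str) -> str:
    """Return the name as it should be written in a PPL query."""
    # The page gives no way to escape a back tick inside a delimited
    # identifier, so such names (and empty or control-character names)
    # are rejected rather than guessed at.
    if not name or "`" in name or any(ord(c) < 0x20 for c in name):
        raise ValueError(f"unsupported identifier: {name!r}")
    # Case is left untouched: identifiers must match what is stored.
    return name if is_regular(name) else f"`{name}`"


def source_clause(index: str, fields: list[str]) -> str:
    """Build `source=<index> | fields <f1>, <f2>;` from untrusted names."""
    cols = ", ".join(ppl_identifier(f) for f in fields)
    return f"source={ppl_identifier(index)} | fields {cols};"


if __name__ == "__main__":
    # Constructed sample names, not taken from a real cluster.
    for idx in ["accounts", ".kibana", "log-2021.01.11", "source"]:
        print(source_clause(idx, ["account_number", "@timestamp"]))
```

A name that contains whitespace or a pipe is returned as a single delimited identifier, so it cannot add a command to the query; it simply fails to match any index or field.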