PPL

Piped Processing Language (PPL) is a query language that focuses on processing data in a sequential, step-by-step manner. PPL uses the pipe (|) operator to combine commands to find and retrieve data. It is particularly well suited for analyzing observability data, such as logs, metrics, and traces, due to its ability to handle semi-structured data efficiently.

PPL syntax

The following example shows the basic PPL syntax:

search source=<index-name> | <command_1> | <command_2> | ... | <command_n>

copy

See Syntax for specific PPL syntax examples.

PPL commands

PPL filters, transforms, and aggregates data using a series of commands. See Commands for a description and an example of each command.

Using PPL within OpenSearch

To use PPL, you must have installed OpenSearch Dashboards. PPL is available within the Query Workbench tool. See the Query Workbench documentation for a tutorial on using PPL within OpenSearch.

Developer documentation

Developers can find information in the following resources:

• Piped Processing Language specification
• OpenSearch PPL Reference Manual
• Observability using PPL-based visualizations
• PPL Data Types
• Cross-cluster search in PPL