[A&E] Refine query languages intro, ESQL and Query DSL (#306)

* add base 'write to scratch' content to Explore and Analyze

* img paths

* query languages intro, query dsl, and esql

* Update explore-analyze/query-filter.md

Co-authored-by: Liam Thompson <[email protected]>

* fix img paths back to relative

* more img paths

* img width

---------

Co-authored-by: Liam Thompson <[email protected]>

Author: florent-leborgne

explore-analyze/alerts/kibana/rule-type-es-query.md

@@ -37,7 +37,7 @@ When you create an {{es}} query rule, your choice of query type affects the info
 
     If you use [KQL](../../query-filter/languages/kql.md) or [Lucene](../../query-filter/languages/lucene-query-syntax.md), you must specify a data view then define a text-based query. For example, `http.request.referrer: "https://example.com"`.
 
-    If you use [ES|QL](../../query-filter/languages/esorql.md), you must provide a source command followed by an optional series of processing commands, separated by pipe characters (|). [8.16.0] For example:
+    If you use [ES|QL](../../query-filter/languages/esql.md), you must provide a source command followed by an optional series of processing commands, separated by pipe characters (|). [8.16.0] For example:
 
     ```sh
     FROM kibana_sample_data_logs

explore-analyze/discover/try-esql.md

@@ -10,7 +10,7 @@ The Elasticsearch Query Language, {{esql}}, makes it easier to explore your data
 In this tutorial we’ll use the {{kib}} sample web logs in Discover and Lens to explore the data and create visualizations.
 
 ::::{tip}
-For the complete {{esql}} documentation, including tutorials, examples and the full syntax reference, refer to the [{{es}} documentation](../query-filter/languages/esorql.md). For a more detailed overview of {{esql}} in {{kib}}, refer to [Use {{esql}} in Kibana](../query-filter/languages/esql-kibana.md).
+For the complete {{esql}} documentation, including tutorials, examples and the full syntax reference, refer to the [{{es}} documentation](../query-filter/languages/esql.md). For a more detailed overview of {{esql}} in {{kib}}, refer to [Use {{esql}} in Kibana](../query-filter/languages/esql-kibana.md).
 
 ::::
 

explore-analyze/geospatial-analysis.md

@@ -34,7 +34,7 @@ Data is often messy and incomplete. [Ingest pipelines](../manage-data/ingest/tra
 
 ## ES|QL [esql-query]
 
-[ES|QL](query-filter/languages/esorql.md) has support for [Geospatial Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-spatial-functions) functions, enabling efficient index searching for documents that intersect with, are within, are contained by, or are disjoint from a query geometry. In addition, the `ST_DISTANCE` function calculates the distance between two points.
+[ES|QL](query-filter/languages/esql.md) has support for [Geospatial Search](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-spatial-functions) functions, enabling efficient index searching for documents that intersect with, are within, are contained by, or are disjoint from a query geometry. In addition, the `ST_DISTANCE` function calculates the distance between two points.
 
 * [`ST_INTERSECTS`](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-st_intersects)
 * [`ST_DISJOINT`](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-st_disjoint)

explore-analyze/query-filter.md

@@ -7,88 +7,20 @@ mapped_pages:
 
 You can use {{es}} as a basic document store to retrieve documents and their metadata. However, the real power of {{es}} comes from its advanced search and analytics capabilities.
 
-You’ll use a combination of an API endpoint and a query language to interact with your data.
-
-
-## REST API [search-analyze-rest-api]
-
-Use REST APIs to manage your {{es}} cluster, and to index and search your data. For testing purposes, you can submit requests directly from the command line or through the Dev Tools [Console](query-filter/tools/console.md) in {{kib}}. From your applications, you can use a [client](https://www.elastic.co/guide/en/elasticsearch/client/index.md) in your programming language of choice.
-
-Refer to [first steps with Elasticsearch](../solutions/search/get-started.md) for a hands-on example of using the `_search` endpoint, adding data to {{es}}, and running basic searches in Query DSL syntax.
-
-
-## Query languages [search-analyze-query-languages]
-
-{{es}} provides a number of query languages for interacting with your data.
-
-**Query DSL** is the primary query language for {{es}} today.
-
-**{{esql}}** is a new piped query language and compute engine which was first added in version **8.11**.
-
-{{esql}} does not yet support all the features of Query DSL. Look forward to new {{esql}} features and functionalities in each release.
-
-Refer to [Query languages](#search-analyze-query-languages) for a full overview of the query languages available in {{es}}.
-
-
-### Query DSL [search-analyze-query-dsl]
-
-[Query DSL](query-filter/languages/querydsl.md) is a full-featured JSON-style query language that enables complex searching, filtering, and aggregations. It is the original and most powerful query language for {{es}} today.
-
-The [`_search` endpoint](../solutions/search/querying-for-search.md) accepts queries written in Query DSL syntax.
-
+## Querying
 
-#### Search and filter with Query DSL [search-analyze-query-dsl-search-filter]
-
-Query DSL support a wide range of search techniques, including the following:
-
-* [**Full-text search**](../solutions/search/full-text.md): Search text that has been analyzed and indexed to support phrase or proximity queries, fuzzy matches, and more.
-* [**Keyword search**](https://www.elastic.co/guide/en/elasticsearch/reference/current/keyword.html): Search for exact matches using `keyword` fields.
-* [**Semantic search**](../solutions/search/semantic-search/semantic-search-semantic-text.md): Search `semantic_text` fields using dense or sparse vector search on embeddings generated in your {{es}} cluster.
-* [**Vector search**](../solutions/search/vector/knn.md): Search for similar dense vectors using the kNN algorithm for embeddings generated outside of {{es}}.
-* [**Geospatial search**](https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-queries.html): Search for locations and calculate spatial relationships using geospatial queries.
-
-Learn about the full range of queries supported by [Query DSL](query-filter/languages/querydsl.md).
-
-You can also filter data using Query DSL. Filters enable you to include or exclude documents by retrieving documents that match specific field-level criteria. A query that uses the `filter` parameter indicates [filter context](query-filter/languages/querydsl.md#filter-context).
-
-
-#### Analyze with Query DSL [search-analyze-data-query-dsl]
-
-[Aggregations](aggregations.md) are the primary tool for analyzing {{es}} data using Query DSL. Aggregrations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.
-
-Because aggregations leverage the same data structures used for search, they are also very fast. This enables you to analyze and visualize your data in real time. You can search documents, filter results, and perform analytics at the same time, on the same data, in a single request. That means aggregations are calculated in the context of the search query.
-
-The folowing aggregation types are available:
-
-* [Metric](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics.html): Calculate metrics, such as a sum or average, from field values.
-* [Bucket](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html): Group documents into buckets based on field values, ranges, or other criteria.
-* [Pipeline](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline.html): Run aggregations on the results of other aggregations.
-
-Run aggregations by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. Learn more in [Run an aggregation](aggregations.md#run-an-agg).
-
-
-### {{esql}} [search-analyze-data-esql]
-
-[Elasticsearch Query Language ({{esql}})](query-filter/languages/esorql.md) is a piped query language for filtering, transforming, and analyzing data. {{esql}} is built on top of a new compute engine, where search, aggregation, and transformation functions are directly executed within {{es}} itself. {{esql}} syntax can also be used within various {{kib}} tools.
-
-The [`_query` endpoint](query-filter/languages/esql-rest.md) accepts queries written in {{esql}} syntax.
-
-Today, it supports a subset of the features available in Query DSL, but it is rapidly evolving.
+You’ll use a combination of an API endpoint and a query language to interact with your data.
 
-It comes with a comprehensive set of [functions and operators](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html) for working with data and has robust integration with {{kib}}'s Discover, dashboards and visualizations.
+- Elasticsearch provides a number of [query languages](/explore-analyze/query-filter/languages.md). From Query DSL to the newest ES|QL, find the one that's most appropriate for you.
 
-Learn more in [Getting started with {{esql}}](../solutions/search/get-started.md), or try [our training course](https://www.elastic.co/training/introduction-to-esql).
+- You can call Elasticsearch's REST APIs by submitting requests directly from the command line or through the Dev Tools [Console](/explore-analyze/query-filter/tools/console.md) in {{kib}}. From your applications, you can use a [client](https://www.elastic.co/guide/en/elasticsearch/client/index.md) in your programming language of choice.
 
+- A number of [tools](/explore-analyze/query-filter/tools.md) are available for you to save, debug, and optimize your queries.
 
-## List of available query languages [search-analyze-data-query-languages-table]
+% todo: update link to the best target
+If you're just getting started with Elasticsearch, try the hands-on [API quickstart](/solutions/search/elasticsearch-basics-quickstart.md) to learn how to add data and run basic searches using Query DSL and the `_search` endpoint.
 
-The following table summarizes all available {{es}} query languages, to help you choose the right one for your use case.
+## Filtering
 
-| Name | Description | Use cases | API endpoint |
-| --- | --- | --- | --- |
-| [Query DSL](query-filter/languages/querydsl.md) | The primary query language for {{es}}. A powerful and flexible JSON-style language that enables complex queries. | Full-text search, semantic search, keyword search, filtering, aggregations, and more. | [`_search`](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html) |
-| [{{esql}}](query-filter/languages/esorql.md) | Introduced in **8.11**, the Elasticsearch Query Language ({{esql}}) is a piped query language language for filtering, transforming, and analyzing data. | Initially tailored towards working with time series data like logs and metrics.Robust integration with {{kib}} for querying, visualizing, and analyzing data.Does not yet support full-text search. | [`_query`](query-filter/languages/esql-rest.md) |
-| [EQL](query-filter/languages/eql.md) | Event Query Language (EQL) is a query language for event-based time series data. Data must contain the `@timestamp` field to use EQL. | Designed for the threat hunting security use case. | [`_eql`](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-apis.html) |
-| [Elasticsearch SQL](query-filter/languages/sql.md) | Allows native, real-time SQL-like querying against {{es}} data. JDBC and ODBC drivers are available for integration with business intelligence (BI) tools. | Enables users familiar with SQL to query {{es}} data using familiar syntax for BI and reporting. | [`_sql`](https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-apis.html) |
-| [Kibana Query Language (KQL)](query-filter/languages/kql.md) | {{kib}} Query Language (KQL) is a text-based query language for filtering data when you access it through the {{kib}} UI. | Use KQL to filter documents where a value for a field exists, matches a given value, or is within a given range. | N/A |
+When querying your data in Kibana, additional options let you filter the results to just the subset you need. Some of these options are common to most Elastic apps. Check [Filtering in Kibana](/explore-analyze/query-filter/filtering.md) for more details on how to recognize and use them in the UI.
 

explore-analyze/query-filter/filtering.md

@@ -25,25 +25,25 @@ Some apps provide more options, such as [Dashboards](../dashboards.md).
 
 Display data within a specified time range when your index contains time-based events, and a time-field is configured for the selected [{{data-source}}](../find-and-organize/data-views.md). The default time range is 15 minutes, but you can customize it in [Advanced Settings](https://www.elastic.co/guide/en/kibana/current/advanced-options.html).
 
-1. Click ![calendar icon](../../images/kibana-time-filter-icon.png).
+1. Click ![calendar icon](../../../images/kibana-time-filter-icon.png).
 2. Choose one of the following:
 
     * **Quick select**. Set a time based on the last or next number of seconds, minutes, hours, or other time unit.
     * **Commonly used**. Select a time range from options such as **Last 15 minutes**, **Today**, and **Week to date**.
     * **Recently used date ranges**. Use a previously selected data range.
     * **Refresh every**. Specify an automatic refresh rate.
-
-        :::{image} ../../../images/kibana-time-filter.png
-        :alt: Time filter menu
-        :width: 300px
-        :::
+        
+:::{image} ../../images/kibana-time-filter.png
+:alt: Time filter menu
+:width: 300px
+:::
 
 3. To set start and end times, click the bar next to the time filter. In the popup, select **Absolute**, **Relative** or **Now**, then specify the required options.
-
-    :::{image} ../../../images/kibana-time-relative.png
-    :alt: Time filter showing relative time
-    :class: screenshot
-    :::
+    
+:::{image} ../../images/kibana-time-relative.png
+:alt: Time filter showing relative time
+:width: 350px
+:::
 
 The global time filter limits the time range of data displayed. In most cases, the time filter applies to the time field in the data view, but some apps allow you to use a different time field.
 
@@ -55,4 +55,4 @@ To manually resubmit a search, click the **Refresh** button. This is useful when
 
 Structured filters are a more interactive way to create {{es}} queries, and are commonly used when building dashboards that are shared by multiple analysts. Each filter can be disabled, inverted, or pinned across all apps. Each of the structured filters is combined with AND logic on the rest of the query.
 
-![Add filter popup](../../images/kibana-add-filter-popup.png "")
+![Add filter popup](../../../images/kibana-add-filter-popup.png "")