[8.11] [DOCS] ES|QL pages in Kibana guide (#170226) (#170419)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[DOCS] ES|QL pages in Kibana guide
(#170226)](#170226)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"amyjtechwriter","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-11-02T13:45:17Z","message":"[DOCS]
ES|QL pages in Kibana guide (#170226)\n\n## Summary\r\n\r\nTwo pages
about ES|QL added to the Kibana guide. One page (titled ES|QL)\r\nunder
the 'Kibana concepts' heading, which is an overview page. One
page\r\nadded to the 'Discover' section (titled Try ES|QL) which is a
short\r\ntutorial.\r\n\r\nRelates
to:\r\n[#244](https://github.com/elastic/platform-docs-team/issues/244)\r\n\r\n---------\r\n\r\nCo-authored-by:
Abdon Pijpelink
<[email protected]>","sha":"2a4a6e890ef6700437c5433378c3c4f2eb7d5000","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","docs","v8.11.0","Feature:ES|QL","v8.12.0"],"number":170226,"url":"https://github.com/elastic/kibana/pull/170226","mergeCommit":{"message":"[DOCS]
ES|QL pages in Kibana guide (#170226)\n\n## Summary\r\n\r\nTwo pages
about ES|QL added to the Kibana guide. One page (titled ES|QL)\r\nunder
the 'Kibana concepts' heading, which is an overview page. One
page\r\nadded to the 'Discover' section (titled Try ES|QL) which is a
short\r\ntutorial.\r\n\r\nRelates
to:\r\n[#244](https://github.com/elastic/platform-docs-team/issues/244)\r\n\r\n---------\r\n\r\nCo-authored-by:
Abdon Pijpelink
<[email protected]>","sha":"2a4a6e890ef6700437c5433378c3c4f2eb7d5000"}},"sourceBranch":"main","suggestedTargetBranches":["8.11"],"targetPullRequestStates":[{"branch":"8.11","label":"v8.11.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/170226","number":170226,"mergeCommit":{"message":"[DOCS]
ES|QL pages in Kibana guide (#170226)\n\n## Summary\r\n\r\nTwo pages
about ES|QL added to the Kibana guide. One page (titled ES|QL)\r\nunder
the 'Kibana concepts' heading, which is an overview page. One
page\r\nadded to the 'Discover' section (titled Try ES|QL) which is a
short\r\ntutorial.\r\n\r\nRelates
to:\r\n[#244](https://github.com/elastic/platform-docs-team/issues/244)\r\n\r\n---------\r\n\r\nCo-authored-by:
Abdon Pijpelink
<[email protected]>","sha":"2a4a6e890ef6700437c5433378c3c4f2eb7d5000"}}]}]
BACKPORT-->

Co-authored-by: amyjtechwriter <[email protected]>

docs/concepts/esql.asciidoc

@@ -0,0 +1,40 @@
+[[esql]]
+=== {esql}
+
+preview::[]
+
+The Elasticsearch Query Language, {esql}, has been created to make exploring your data faster and easier using the **Discover** application. From version 8.11 you can try this new feature, which is enabled by default. 
+
+[role="screenshot"]
+image:images/esql-data-view-menu.png[An image of the Discover UI where users can access the {esql} feature, width=30%]
+
+This new piped language allows you to chain together multiple commands to query your data. Based on the query, Lens suggestions in Discover create a visualization of the query results.
+
+{esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. From one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API]. 
+
+{esql} also features in-app help, so you can get started faster and don't have to leave the application to check syntax. 
+
+[role="screenshot"]
+image:images/esql-in-app-help.png[An image of the Discover UI where users can browse the in-app help]
+
+For more detailed information about the {esql} language, refer to {ref}/esql-language.html[Learning {esql}].
+
+[float]
+[[esql-observability]]
+==== {observability}
+
+{esql} makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining {esql} with {ml} and AiOps can improve detection accuracy and use aggregated value thresholds.   
+
+[float]
+[[esql-security]]
+==== Security 
+
+Use {esql} to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider all from one search bar. {esql} ensures more accurate alerts by incorporating aggregated values in detection rules.
+
+[float]
+[[esql-whats-next]]
+==== What's next?
+
+Full documentation for this language is available in the {es} documentation, refer to {ref}/esql.html[{esql}].
+
+Alternatively, a short tutorial is available in the **Discover** section <<try-esql, Try {esql}L>>.

docs/concepts/index.asciidoc

@@ -155,8 +155,11 @@ include::data-views.asciidoc[]
 
 include::set-time-filter.asciidoc[]
 
+include::esql.asciidoc[]
+
 include::kuery.asciidoc[]
 
 include::lucene.asciidoc[]
 
 include::save-query.asciidoc[]
+

docs/discover/try-esql.asciidoc

@@ -0,0 +1,91 @@
+[[try-esql]]
+== Try {esql}
+
+preview::[]
+
+The Elasticsearch Query Language, {esql}, makes it easier to explore your data without leaving Discover. 
+
+In this tutorial we'll use the {kib} sample web logs in Discover and Lens to explore the data and create visualizations. 
+
+[float]
+[[prerequisite]]
+=== Prerequisite 
+
+To be able to select **Try {esql}** from the Data views menu the `discover:enableESQL` setting must be enabled from **Stack Management > Advanced Settings**. It is enabled by default. 
+
+[float]
+[[tutorial-try-esql]]
+=== Trying {esql}
+
+To load the sample data:
+
+. On the home page, click **Try sample data**.
+. Click **Other sample data sets**.
+. On the Sample web logs card, click **Add data**.
+. Open the main menu and select *Discover*.
+. From the Data views menu, select *Try {esql}*.
+
+Let's say we want to find out what operating system users have and how much RAM is on their machine.  
+
+. Set the time range to **Last 7 days**.
+. Expand image:images/expand-icon-2.png[An image of the expand icon] the query bar.
+. Put each processing command on a new line for better readability.
+. Copy the query below:
++
+[source,esql]
+----
+FROM kibana_sample_data_logs 
+| KEEP machine.os, machine.ram
+----
++
+. Click **Update**.
++
+[role="screenshot"]
+image:images/esql-machine-os-ram.png[An image of the query result]
++
+[NOTE]
+====
+{esql} keywords are not case sensitive. 
+====
+
+Let's add `geo.dest` to our query, to find out the geographical destination of the visits, and limit the results. 
+
+. Copy the query below:
++
+[source,esql]
+----
+FROM kibana_sample_data_logs 
+| KEEP machine.os, machine.ram, geo.dest
+| LIMIT 10
+----
++
+. Click **Update**.
++
+[role="screenshot"]
+image:images/esql-limit.png[An image of the extended query result]
+
+Let's sort the data by machine ram and filter out the destination GB. 
+
+. Copy the query below:
++
+[source,esql]
+----
+FROM kibana_sample_data_logs 
+| KEEP machine.os, machine.ram, geo.dest
+| SORT machine.ram desc
+| WHERE geo.dest != "GB"
+| LIMIT 10
+----
++
+. Click **Update**.
++
+[role="screenshot"]
+image:images/esql-full-query.png[]
++
+. Click **Save** to save the query and visualization to a dashboard. 
+
+To make changes to the visualization you can use the visualization drop-down. To make changes to the colors used or the axes, or click the pencil icon. This opens an in-line editor where you can change the colors and axes of the visualization. 
+
+To learn more about {esql}, try other tutorials, see more examples and reference material, refer to {ref}/esql.html[{esql}].
+
+

docs/user/discover.asciidoc

@@ -346,4 +346,7 @@ include::{kib-repo-dir}/discover/field-statistics.asciidoc[]
 
 include::{kib-repo-dir}/discover/log-pattern-analysis.asciidoc[]
 
-include::{kib-repo-dir}/discover/search-sessions.asciidoc[]
+include::{kib-repo-dir}/discover/search-sessions.asciidoc[]
+
+include::{kib-repo-dir}/discover/try-esql.asciidoc[]
+