## WHERE

The `WHERE` command in ES|QL is a processing command that produces a table containing all the rows from the input table for which the provided condition evaluates to true. This command is particularly useful in filtering data based on specific conditions. 

The `WHERE` command supports various functions and operators, including date math for retrieving data from a specific time range, `LIKE` and `RLIKE` for filtering data based on string patterns, and the `IN` operator for testing whether a field or expression equals an element in a list of literals, fields, or expressions.

However, it's important to note that the `WHERE` command has certain limitations. For instance, it does not support configurations where the `_source` field is disabled. Also, full-text search is not yet supported because of the way ES|QL treats `text` values.

### Syntax:

`WHERE expression`

#### Parameters:

- `expression`: A boolean expression.

### Examples:

Here are some examples of how the `WHERE` command can be used in different scenarios:

1. Filtering employees who are still hired:

    ```esql
FROM employees
| KEEP first_name, last_name, still_hired
| WHERE still_hired == true
```

2. Retrieving the last hour of logs:

    ```esql
FROM sample_data
| WHERE @timestamp > NOW() - 1 hour
```

3. Filtering employees based on the length of their first name:

    ```esql
FROM employees
| KEEP first_name, last_name, height
| WHERE LENGTH(first_name) < 4
```

4. Filtering data based on string patterns using `LIKE`:

    ```esql
FROM employees
| WHERE first_name LIKE "?b*"
| KEEP first_name, last_name
```

5. Filtering data based on string patterns using `RLIKE`:

    ```esql
FROM employees
| WHERE first_name RLIKE ".leja.*"
| KEEP first_name, last_name
```

6. Using the `IN` operator to test whether a field or expression equals an element in a list:

    ```esql
ROW a = 1, b = 4, c = 3
| WHERE c-a IN (3, b / 2, a)
```