Commit cc02dcf

dnhatn authored and afoucret committed
Support window in more time-series aggregations (elastic#138456)
This change adds support for window functions for additional time-series aggregations, including `min_over_time`, `max_over_time`, `first_over_time`, `count_over_time`, and `sum_over_time`. These changes are straightforward. The main update in this PR is how the window is expanded before sliding over the partial results.

For example, given these data points:

```
|_tsid| cluster| host | timestamp            | metric |
| t1  | prod   | h1   | 2025-04-15T01:12:00Z | 100    |
| t2  | prod   | h2   | 2025-04-15T01:14:00Z | 200    |
```

With `bucket=5s` and no window:

```
TS ...
| WHERE TRANGE('2025-04-15T01:10:00Z', '2025-04-15T01:15:00Z')
| STATS sum(sum_over_time(metric)) BY host, TBUCKET(5s)
```

Yields:

```
cluster | bucket               | SUM |
prod    | 2025-04-15T01:10:00Z | 300 |
```

With a window=5s:

```
TS ...
| WHERE TRANGE('2025-04-15T01:10:00Z', '2025-04-15T01:15:00Z')
| STATS sum(sum_over_time(metric, 5s)) BY host, TBUCKET(1s)
```

Yields:

```
cluster | bucket               | SUM |
prod    | 2025-04-15T01:12:00Z | 100 |
prod    | 2025-04-15T01:14:00Z | 200 |
```

Ideally, all buckets from `2025-04-15T01:10:00Z` to `2025-04-15T01:14:00Z` should be generated:

```
cluster | bucket               | SUM |
prod    | 2025-04-15T01:10:00Z | 300 |
prod    | 2025-04-15T01:11:00Z | 300 |
prod    | 2025-04-15T01:12:00Z | 300 |
prod    | 2025-04-15T01:13:00Z | 200 |
prod    | 2025-04-15T01:14:00Z | 200 |
```

With this change, buckets are expanded as if sliding over the raw input before combining for the final results.
1 parent 47d97d8 commit cc02dcf
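
The bucket expansion described in the commit message, as an added Python example that is not code from this commit or from Elasticsearch. It assumes one-minute buckets and a five-minute forward-looking window `[b, b + window)`, which is the reading that reproduces the message's expected table; `ts`, `partial_sums` and `windowed_sum` are hypothetical names.

```python
from datetime import datetime, timedelta, timezone

def ts(s):
    """Parse the ISO-8601 UTC timestamps used in the commit message."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed from the commit message's sample rows: (_tsid, timestamp, metric).
POINTS = [
    ("t1", ts("2025-04-15T01:12:00Z"), 100),
    ("t2", ts("2025-04-15T01:14:00Z"), 200),
]

def partial_sums(points, start, bucket):
    """Partial results: metric summed per bucket, keyed by bucket start.
    Only buckets that contain data exist here, which is the unexpanded
    output the message shows (01:12 -> 100, 01:14 -> 200)."""
    out = {}
    for _tsid, t, value in points:
        b = start + ((t - start) // bucket) * bucket
        out[b] = out.get(b, 0) + value
    return out

def windowed_sum(points, start, end, bucket, window):
    """Visit every bucket in [start, end), empty ones included, and combine
    the partial results that fall inside [b, b + window) (assumed direction)."""
    partial = partial_sums(points, start, bucket)
    result = {}
    b = start
    while b < end:
        hits = [v for k, v in partial.items() if b <= k < b + window]
        if hits:  # a bucket whose window holds no data produces no row
            result[b] = sum(hits)
        b += bucket
    return result

if __name__ == "__main__":
    minute = timedelta(minutes=1)
    rows = windowed_sum(POINTS, ts("2025-04-15T01:10:00Z"),
                        ts("2025-04-15T01:15:00Z"), minute, 5 * minute)
    for b, total in sorted(rows.items()):
        print("prod |", b.strftime("%Y-%m-%dT%H:%M:%SZ"), "|", total)
```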

47 files changed: +847 -139 lines changed

docs/reference/query-languages/esql/_snippets/functions/parameters/count_over_time.md

Lines changed: 3 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

docs/reference/query-languages/esql/_snippets/functions/parameters/first_over_time.md

Lines changed: 3 additions & 0 deletions

docs/reference/query-languages/esql/_snippets/functions/parameters/max_over_time.md

Lines changed: 3 additions & 0 deletions

docs/reference/query-languages/esql/_snippets/functions/parameters/min_over_time.md

Lines changed: 3 additions & 0 deletions

docs/reference/query-languages/esql/_snippets/functions/parameters/sum_over_time.md

Lines changed: 3 additions & 0 deletions

docs/reference/query-languages/esql/_snippets/functions/types/count_over_time.md

Lines changed: 21 additions & 21 deletions

docs/reference/query-languages/esql/_snippets/functions/types/first_over_time.md

Lines changed: 8 additions & 8 deletions

docs/reference/query-languages/esql/_snippets/functions/types/max_over_time.md

Lines changed: 14 additions & 14 deletions

docs/reference/query-languages/esql/_snippets/functions/types/min_over_time.md

Lines changed: 14 additions & 14 deletions

docs/reference/query-languages/esql/_snippets/functions/types/sum_over_time.md

Lines changed: 6 additions & 6 deletions
