elastic · szabosteve · Feb 12, 2025 · Feb 12, 2025 · Feb 12, 2025 · Feb 12, 2025
@@ -122,7 +122,7 @@ In the following example, we’re adding 2 fields: A simple "Hello world" field,
 
 ### Visualize aggregated fields [_visualize_aggregated_fields]
 
-If a field can be [aggregated](../aggregations.md), you can quickly visualize it in detail by opening it in **Lens** from **Discover**. **Lens** is the default visualization editor in {{kib}}.
+If a field can be [aggregated](../query-filter/aggregations.md), you can quickly visualize it in detail by opening it in **Lens** from **Discover**. **Lens** is the default visualization editor in {{kib}}.
 
 1. In the list of fields, find an aggregatable field. For example, with the sample data, you can look for `day_of_week`.
    ![Top values for the day_of_week field](../../images/kibana-discover-day-of-week.png "title =60%")

@@ -48,7 +48,7 @@ Data is often messy and incomplete. [Ingest pipelines](../manage-data/ingest/tra
 
 ## Aggregate [geospatial-aggregate]
 
-[Aggregations](aggregations.md) summarizes your data as metrics, statistics, or other analytics. Use [bucket aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html) to group documents into buckets, also called bins, based on field values, ranges, or other criteria. Then, use [metric aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics.html) to calculate metrics, such as a sum or average, from field values in each bucket. Compare metrics across buckets to gain insights from your data.
+[Aggregations](query-filter/aggregations.md) summarizes your data as metrics, statistics, or other analytics. Use [bucket aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html) to group documents into buckets, also called bins, based on field values, ranges, or other criteria. Then, use [metric aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics.html) to calculate metrics, such as a sum or average, from field values in each bucket. Compare metrics across buckets to gain insights from your data.
 
 Geospatial bucket aggregations:
 

@@ -23,7 +23,7 @@ An aggregation summarizes your data as metrics, statistics, or other analytics.
 
 ## Run an aggregation [run-an-agg]
 
-You can run aggregations as part of a [search](../solutions/search/querying-for-search.md) by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. The following search runs a [terms aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) on `my-field`:
+You can run aggregations as part of a [search](../../solutions/search/querying-for-search.md) by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. The following search runs a [terms aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) on `my-field`:
 
 ```console
 GET /my-index-000001/_search
@@ -262,7 +262,7 @@ Some aggregations return a different aggregation type from the type in the reque
 
 ## Use scripts in an aggregation [use-scripts-in-an-agg] 
 
-When a field doesn’t exactly match the aggregation you need, you should aggregate on a [runtime field](../manage-data/data-store/mapping/runtime-fields.md):
+When a field doesn’t exactly match the aggregation you need, you should aggregate on a [runtime field](../../manage-data/data-store/mapping/runtime-fields.md):
 
 ```console
 GET /my-index-000001/_search?size=0

@@ -22,15 +22,15 @@ You’ll learn how to:
 
 You’ll need:
 
-1. A running instance of [{{es}}](../../get-started/deployment-options.md), either on {{serverless-full}} or together with {{kib}} on Elastic Cloud Hosted/Self Managed deployments.
+1. A running instance of [{{es}}](../../../get-started/deployment-options.md), either on {{serverless-full}} or together with {{kib}} on Elastic Cloud Hosted/Self Managed deployments.
 
-    * If you don’t have a deployment, you can run the following command in your terminal to set up a [local dev environment](../../solutions/search/get-started.md):
+    * If you don’t have a deployment, you can run the following command in your terminal to set up a [local dev environment](../../../solutions/search/get-started.md):
 
         ```sh
         curl -fsSL https://elastic.co/start-local | sh
         ```
 
-2. The [sample eCommerce data](../index.md#gs-get-data-into-kibana) loaded into {{es}}. To load sample data follow these steps in your UI:
+2. The [sample eCommerce data](../../index.md#gs-get-data-into-kibana) loaded into {{es}}. To load sample data follow these steps in your UI:
 
     * Open the **Integrations** pages by searching in the global search field.
     * Search for `sample data` in the **Integrations** search field.
@@ -40,7 +40,7 @@ You’ll need:
 
 ## Inspect index structure [aggregations-tutorial-inspect-data]
 
-Before we start analyzing the data, let’s examine the structure of the documents in our sample eCommerce index. Run this command to see the field [mappings](../../manage-data/data-store/index-basics.md#elasticsearch-intro-documents-fields-mappings):
+Before we start analyzing the data, let’s examine the structure of the documents in our sample eCommerce index. Run this command to see the field [mappings](../../../manage-data/data-store/index-basics.md#elasticsearch-intro-documents-fields-mappings):
 
 ```console
 GET kibana_sample_data_ecommerce/_mapping

@@ -48,7 +48,7 @@ You can also filter data using Query DSL. Filters enable you to include or exclu
 
 ### Analyze with Query DSL [search-analyze-data-query-dsl]
 
-[Aggregations](/explore-analyze/aggregations.md) are the primary tool for analyzing {{es}} data using Query DSL. Aggregations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.
+[Aggregations](../aggregations.md) are the primary tool for analyzing {{es}} data using Query DSL. Aggregations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.
 
 Because aggregations leverage the same data structures used for search, they are also very fast. This enables you to analyze and visualize your data in real time. You can search documents, filter results, and perform analytics at the same time, on the same data, in a single request. That means aggregations are calculated in the context of the search query.
 
@@ -58,7 +58,7 @@ The following aggregation types are available:
 * [Bucket](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html): Group documents into buckets based on field values, ranges, or other criteria.
 * [Pipeline](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline.html): Run aggregations on the results of other aggregations.
 
-Run aggregations by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. Learn more in [Run an aggregation](/explore-analyze/aggregations.md#run-an-agg).
+Run aggregations by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. Learn more in [Run an aggregation](/explore-analyze/query-filter/aggregations.md#run-an-agg).
 
 
 ## How does it work? [query-dsl]

@@ -36,7 +36,7 @@ Field values can be accessed from a script using [doc-values](#modules-scripting
 
 ### Accessing the score of a document within a script [scripting-score] 
 
-Scripts used in the [`function_score` query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-function-score-query.html), in [script-based sorting](https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html), or in [aggregations](../aggregations.md) have access to the `_score` variable which represents the current relevance score of a document.
+Scripts used in the [`function_score` query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-function-score-query.html), in [script-based sorting](https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html), or in [aggregations](../query-filter/aggregations.md) have access to the `_score` variable which represents the current relevance score of a document.
 
 Here’s an example of using a script in a [`function_score` query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-function-score-query.html) to alter the relevance `_score` of each document:
 

@@ -98,27 +98,10 @@ toc:
           - file: query-filter/tools/search-profiler.md
           - file: query-filter/tools/grok-debugger.md
           - file: query-filter/tools/playground.md
-      - file: query-filter/filtering.md
-  - file: scripting.md
-    children:
-      - file: scripting/modules-scripting-painless.md
-      - file: scripting/modules-scripting-using.md
-        children:
-          - file: scripting/scripts-search-speed.md
-          - file: scripting/dissect.md
-          - file: scripting/grok.md
-      - file: scripting/script-fields-api.md
-      - file: scripting/common-script-uses.md
+      - file: query-filter/aggregations.md
         children:
-          - file: scripting/scripting-field-extraction.md
-      - file: scripting/modules-scripting-fields.md
-      - file: scripting/modules-scripting-security.md
-      - file: scripting/modules-scripting-expression.md
-      - file: scripting/modules-scripting-engine.md
-      - file: scripting/painless-lab.md
-  - file: aggregations.md
-    children:
-      - file: aggregations/tutorial-analyze-ecommerce-data-with-aggregations-using-query-dsl.md
+          - file: query-filter/aggregations/tutorial-analyze-ecommerce-data-with-aggregations-using-query-dsl.md
+      - file: query-filter/filtering.md
   - file: geospatial-analysis.md
   - file: transforms.md
     children:
@@ -229,6 +212,23 @@ toc:
           - file: machine-learning/machine-learning-in-kibana/xpack-ml-dfanalytics.md
           - file: machine-learning/machine-learning-in-kibana/xpack-ml-aiops.md
           - file: machine-learning/machine-learning-in-kibana/inference-processing.md
+  - file: scripting.md
+    children:
+      - file: scripting/modules-scripting-painless.md
+      - file: scripting/modules-scripting-using.md
+        children:
+          - file: scripting/scripts-search-speed.md
+          - file: scripting/dissect.md
+          - file: scripting/grok.md
+      - file: scripting/script-fields-api.md
+      - file: scripting/common-script-uses.md
+        children:
+          - file: scripting/scripting-field-extraction.md
+      - file: scripting/modules-scripting-fields.md
+      - file: scripting/modules-scripting-security.md
+      - file: scripting/modules-scripting-expression.md
+      - file: scripting/modules-scripting-engine.md
+      - file: scripting/painless-lab.md
   - file: ai-assistant.md
   - file: discover.md
     children:

@@ -12,7 +12,7 @@ mapped_pages:
 # Plot big data [maps-aggregations]
 
 
-Use [aggregations](../../aggregations.md) to plot large data sets without overwhelming your network or your browser. When using aggregations, the documents stay in Elasticsearch and only the calculated values for each group are returned to your computer.
+Use [aggregations](../../query-filter/aggregations.md) to plot large data sets without overwhelming your network or your browser. When using aggregations, the documents stay in Elasticsearch and only the calculated values for each group are returned to your computer.
 
 Aggregations group your documents into buckets and calculate metrics for each bucket. Use metric aggregations for [data driven styling](vector-style.md#maps-vector-style-data-driven). For example, use the count aggregation to shade world countries by web log traffic.
 

@@ -114,7 +114,7 @@ This layer displays web log documents as points. The layer is only visible when
 
 ### Add a layer for aggregated data [_add_a_layer_for_aggregated_data]
 
-You’ll create a layer for [aggregated data](../../aggregations.md) and make it visible only when the map is zoomed out. Darker colors will symbolize grids with more web log traffic, and lighter colors will symbolize grids with less traffic. Larger circles will symbolize grids with more total bytes transferred, and smaller circles will symbolize grids with less bytes transferred.
+You’ll create a layer for [aggregated data](../../query-filter/aggregations.md) and make it visible only when the map is zoomed out. Darker colors will symbolize grids with more web log traffic, and lighter colors will symbolize grids with less traffic. Larger circles will symbolize grids with more total bytes transferred, and smaller circles will symbolize grids with less bytes transferred.
 
 1. Click **Add layer**, and select **Clusters**.
 2. Set **Data view** to **kibana_sample_data_logs**.

@@ -34,7 +34,7 @@ Runtime fields can replace many of the ways you can use scripting with the `_sea
 
 You can use [script fields](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html#script-fields) to access values in `_source` and return calculated values based on a script valuation. Runtime fields have the same capabilities, but provide greater flexibility because you can query and aggregate on runtime fields in a search request. Script fields can only fetch values.
 
-Similarly, you could write a [script query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-script-query.html) that filters documents in a search request based on a script. Runtime fields provide a very similar feature that is more flexible. You write a script to create field values and they are available everywhere, such as [`fields`](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html), [all queries](../../../explore-analyze/query-filter/languages/querydsl.md), and [aggregations](../../../explore-analyze/aggregations.md).
+Similarly, you could write a [script query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-script-query.html) that filters documents in a search request based on a script. Runtime fields provide a very similar feature that is more flexible. You write a script to create field values and they are available everywhere, such as [`fields`](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-fields.html), [all queries](../../../explore-analyze/query-filter/languages/querydsl.md), and [aggregations](../../../explore-analyze/query-filter/aggregations.md).
 
 You can also use scripts to [sort search results](https://www.elastic.co/guide/en/elasticsearch/reference/current/sort-search-results.html#script-based-sorting), but that same script works exactly the same in a runtime field.
 

@@ -11,7 +11,7 @@ These features are available on all Elastic deployment types: self-managed clust
 
 ## Data analysis [_data_analysis]
 
-[Aggregations](../../../explore-analyze/aggregations.md)
+[Aggregations](../../../explore-analyze/query-filter/aggregations.md)
 :   Use aggregations in your [`_search` API](https://www.elastic.co/docs/api/doc/elasticsearch-serverless/operation/operation-search#operation-search-body-application-json-aggregations) requests to summarize your data as metrics, statistics, or other analytics.
 
 $$$elasticsearch-explore-your-data-discover-your-data$$$

@@ -336,4 +336,4 @@ The results should show an aggregate of logs that occurred within your timestamp
 }
 ```
 
-For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/aggregations.md) documentation.
+For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/query-filter/aggregations.md) documentation.
@@ -49,7 +49,7 @@ You can also filter data using Query DSL. Filters enable you to include or exclu
 
 #### Analyze with Query DSL [search-analyze-data-query-dsl]
 
-[Aggregations](../../../explore-analyze/aggregations.md) are the primary tool for analyzing {{es}} data using Query DSL. Aggregrations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.
+[Aggregations](../../../explore-analyze/query-filter/aggregations.md) are the primary tool for analyzing {{es}} data using Query DSL. Aggregrations enable you to build complex summaries of your data and gain insight into key metrics, patterns, and trends.
 
 Because aggregations leverage the same data structures used for search, they are also very fast. This enables you to analyze and visualize your data in real time. You can search documents, filter results, and perform analytics at the same time, on the same data, in a single request. That means aggregations are calculated in the context of the search query.
 
@@ -59,7 +59,7 @@ The folowing aggregation types are available:
 * [Bucket](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket.html): Group documents into buckets based on field values, ranges, or other criteria.
 * [Pipeline](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-pipeline.html): Run aggregations on the results of other aggregations.
 
-Run aggregations by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. Learn more in [Run an aggregation](../../../explore-analyze/aggregations.md#run-an-agg).
+Run aggregations by specifying the [search API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html)'s `aggs` parameter. Learn more in [Run an aggregation](../../../explore-analyze/query-filter/aggregations.md#run-an-agg).
 
 
 ### {{esql}} [search-analyze-data-esql]

@@ -7,7 +7,7 @@ The shard-level request cache module caches the local results on each shard. Thi
 You can control the size and expiration of the cache at the node level using the [shard request cache settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/shard-request-cache-settings.html).
 
 ::::{important} 
-By default, the requests cache will only cache the results of search requests where `size=0`, so it will not cache `hits`, but it will cache `hits.total`,  [aggregations](../../../explore-analyze/aggregations.md), and [suggestions](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-suggesters.html).
+By default, the requests cache will only cache the results of search requests where `size=0`, so it will not cache `hits`, but it will cache `hits.total`,  [aggregations](../../../explore-analyze/query-filter/aggregations.md), and [suggestions](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-suggesters.html).
 
 Most queries that use `now` (see [Date Math](https://www.elastic.co/guide/en/elasticsearch/reference/current/common-options.html#date-math)) cannot be cached.
 

@@ -334,4 +334,4 @@ The results should show an aggregate of logs that occurred within your timestamp
 }
 ```
 
-For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/aggregations.md) documentation.
+For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/query-filter/aggregations.md) documentation.
-Original file line number
+Diff line change
@@ Expand Up @@
     }
     ```
-    For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/aggregations.md) documentation.
+    For more on aggregation types and available aggregations, refer to the [Aggregations](../../../explore-analyze/query-filter/aggregations.md) documentation.