Skip to content

Commit ade7ee1

Browse files
limotovalimotova
committed
count, first, last, sum, more avg
1 parent 2fac0c2 commit ade7ee1

File tree

5 files changed

+524
-0
lines changed

5 files changed

+524
-0
lines changed

x-pack/plugin/esql/qa/testFixtures/src/main/resources/k8s-timeseries-avg-over-time.csv-spec

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -221,3 +221,31 @@ bytes:double | pod:keyword | time_bucket:datetime
221221
1806.3333333333333 | two | 2024-05-09T23:50:00.000Z
222222
1760.8666666666668 | three | 2024-05-09T23:40:00.000Z
223223
;
224+
225+
avg_over_time_nested_expression
226+
required_capability: metrics_command
227+
required_capability: avg_over_time
228+
required_capability: k8s_dataset_additional_fields
229+
TS k8s | STATS sum = sum(avg_over_time(network.eth0.rx % 2)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT sum desc, time_bucket | LIMIT 5;
230+
231+
sum:double | pod:keyword | time_bucket:datetime
232+
3.0 | three | 2024-05-10T00:17:00.000Z
233+
2.333333333333333 | one | 2024-05-10T00:18:00.000Z
234+
2.0 | three | 2024-05-10T00:02:00.000Z
235+
2.0 | three | 2024-05-10T00:09:00.000Z
236+
2.0 | three | 2024-05-10T00:12:00.000Z
237+
;
238+
239+
avg_over_time_nested_expression_in_grouping_with_alias
240+
required_capability: metrics_command
241+
required_capability: avg_over_time
242+
required_capability: k8s_dataset_additional_fields
243+
TS k8s | STATS min = min(avg_over_time(network.bytes_in)) by rx = (network.eth0.rx + 2000), time_bucket = bucket(@timestamp, 1minute) | SORT rx desc, time_bucket | LIMIT 5;
244+
245+
min:double | rx:long | time_bucket:datetime
246+
557.0 | 3398 | 2024-05-10T00:21:00.000Z
247+
206.0 | 3398 | 2024-05-10T00:22:00.000Z
248+
557.0 | 3300 | 2024-05-10T00:21:00.000Z
249+
312.0 | 3262 | 2024-05-10T00:18:00.000Z
250+
312.0 | 3206 | 2024-05-10T00:18:00.000Z
251+
;

x-pack/plugin/esql/qa/testFixtures/src/main/resources/k8s-timeseries-count-over-time.csv-spec

Whitespace-only changes.

x-pack/plugin/esql/qa/testFixtures/src/main/resources/k8s-timeseries-first-over-time.csv-spec

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
first_over_time_of_integer_grouping
2+
required_capability: metrics_command
3+
required_capability: first_over_time
4+
required_capability: k8s_dataset_additional_fields
5+
TS k8s | STATS clients = avg(first_over_time(network.eth0.currently_connected_clients)) BY cluster, time_bucket = bucket(@timestamp,1minute) | SORT time_bucket, cluster | LIMIT 10;
6+
7+
clients:double | cluster:keyword | time_bucket:datetime
8+
949.0 | prod | 2024-05-10T00:00:00.000Z
9+
615.5 | staging | 2024-05-10T00:00:00.000Z
10+
396.5 | prod | 2024-05-10T00:01:00.000Z
11+
440.0 | qa | 2024-05-10T00:01:00.000Z
12+
659.5 | prod | 2024-05-10T00:02:00.000Z
13+
565.0 | qa | 2024-05-10T00:02:00.000Z
14+
426.5 | staging | 2024-05-10T00:02:00.000Z
15+
742.0 | prod | 2024-05-10T00:03:00.000Z
16+
407.5 | qa | 2024-05-10T00:03:00.000Z
17+
672.0 | staging | 2024-05-10T00:03:00.000Z
18+
;
19+
20+
first_over_time_with_filtering
21+
required_capability: metrics_command
22+
required_capability: first_over_time
23+
TS k8s | WHERE pod == "one" | STATS tx = sum(first_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, cluster | LIMIT 10;
24+
25+
tx:long | cluster:keyword | time_bucket:datetime
26+
354 | prod | 2024-05-10T00:00:00.000Z
27+
278 | qa | 2024-05-10T00:00:00.000Z
28+
626 | staging | 2024-05-10T00:00:00.000Z
29+
262 | prod | 2024-05-10T00:10:00.000Z
30+
114 | qa | 2024-05-10T00:10:00.000Z
31+
604 | staging | 2024-05-10T00:10:00.000Z
32+
953 | prod | 2024-05-10T00:20:00.000Z
33+
917 | qa | 2024-05-10T00:20:00.000Z
34+
749 | staging | 2024-05-10T00:20:00.000Z
35+
;
36+
37+
first_over_time_older_than_10d
38+
required_capability: metrics_command
39+
required_capability: first_over_time
40+
TS k8s | WHERE cluster == "qa" AND @timestamp < now() - 10 day | STATS cost = avg(first_over_time(network.eth0.rx)) BY pod, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, pod | LIMIT 5;
41+
42+
cost:double | pod:keyword | time_bucket:datetime
43+
63.0 | one | 2024-05-10T00:00:00.000Z
44+
23.0 | three | 2024-05-10T00:00:00.000Z
45+
6.0 | two | 2024-05-10T00:00:00.000Z
46+
824.0 | one | 2024-05-10T00:10:00.000Z
47+
583.0 | three | 2024-05-10T00:10:00.000Z
48+
;
49+
50+
eval_on_first_over_time
51+
required_capability: metrics_command
52+
required_capability: first_over_time
53+
TS k8s | STATS max_bytes = avg(first_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | EVAL kb_minus_offset = (max_bytes - 100) / 1000.0 | LIMIT 10 | SORT time_bucket, cluster ;
54+
55+
max_bytes:double | cluster:keyword | time_bucket:datetime | kb_minus_offset:double
56+
424.6666666666667 | prod | 2024-05-10T00:00:00.000Z | 0.32466666666666666
57+
554.0 | qa | 2024-05-10T00:00:00.000Z | 0.454
58+
599.3333333333334 | staging | 2024-05-10T00:00:00.000Z | 0.49933333333333335
59+
377.3333333333333 | prod | 2024-05-10T00:10:00.000Z | 0.2773333333333333
60+
104.33333333333333 | qa | 2024-05-10T00:10:00.000Z | 0.004333333333333329
61+
286.0 | staging | 2024-05-10T00:10:00.000Z | 0.186
62+
801.6666666666666 | prod | 2024-05-10T00:20:00.000Z | 0.7016666666666667
63+
941.6666666666666 | qa | 2024-05-10T00:20:00.000Z | 0.8416666666666667
64+
586.3333333333334 | staging | 2024-05-10T00:20:00.000Z | 0.4863333333333334
65+
;
66+
67+
first_over_time_multi_values
68+
required_capability: metrics_command
69+
required_capability: first_over_time
70+
required_capability: k8s_dataset_additional_fields
71+
TS k8s | WHERE @timestamp < "2024-05-10T00:10:00.000Z" | STATS events = sum(first_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events desc, time_bucket | LIMIT 10;
72+
73+
events:long | pod:keyword | time_bucket:datetime
74+
22 | one | 2024-05-10T00:09:00.000Z
75+
21 | two | 2024-05-10T00:02:00.000Z
76+
18 | one | 2024-05-10T00:01:00.000Z
77+
14 | three | 2024-05-10T00:00:00.000Z
78+
13 | one | 2024-05-10T00:08:00.000Z
79+
11 | three | 2024-05-10T00:09:00.000Z
80+
11 | two | 2024-05-10T00:09:00.000Z
81+
9 | two | 2024-05-10T00:00:00.000Z
82+
9 | three | 2024-05-10T00:02:00.000Z
83+
8 | two | 2024-05-10T00:03:00.000Z
84+
;
85+
86+
first_over_time_null_values
87+
required_capability: metrics_command
88+
required_capability: first_over_time
89+
required_capability: k8s_dataset_additional_fields
90+
TS k8s | WHERE @timestamp > "2024-05-10T00:10:00.000Z" and @timestamp < "2024-05-10T00:15:00.000Z" | STATS events = sum(first_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events desc, time_bucket | LIMIT 10;
91+
92+
events:long | pod:keyword | time_bucket:datetime
93+
null | one | 2024-05-10T00:12:00.000Z
94+
null | two | 2024-05-10T00:13:00.000Z
95+
20 | two | 2024-05-10T00:14:00.000Z
96+
17 | one | 2024-05-10T00:13:00.000Z
97+
16 | two | 2024-05-10T00:12:00.000Z
98+
16 | one | 2024-05-10T00:14:00.000Z
99+
11 | one | 2024-05-10T00:10:00.000Z
100+
9 | one | 2024-05-10T00:11:00.000Z
101+
7 | two | 2024-05-10T00:10:00.000Z
102+
7 | three | 2024-05-10T00:12:00.000Z
103+
;
104+
105+
first_over_time_all_value_types
106+
required_capability: metrics_command
107+
required_capability: first_over_time
108+
required_capability: k8s_dataset_additional_fields
109+
TS k8s | STATS events = sum(first_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 10minute) | SORT events desc, pod, time_bucket | LIMIT 10 ;
110+
111+
events:long | pod:keyword | time_bucket:datetime
112+
26 | two | 2024-05-10T00:10:00.000Z
113+
24 | two | 2024-05-10T00:00:00.000Z
114+
20 | one | 2024-05-10T00:10:00.000Z
115+
19 | one | 2024-05-10T00:20:00.000Z
116+
18 | one | 2024-05-10T00:00:00.000Z
117+
18 | three | 2024-05-10T00:00:00.000Z
118+
14 | three | 2024-05-10T00:20:00.000Z
119+
7 | three | 2024-05-10T00:10:00.000Z
120+
6 | two | 2024-05-10T00:20:00.000Z
121+
;
122+

x-pack/plugin/esql/qa/testFixtures/src/main/resources/k8s-timeseries-last-over-time.csv-spec

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
last_over_time_of_integer_grouping
2+
required_capability: metrics_command
3+
required_capability: last_over_time
4+
required_capability: k8s_dataset_additional_fields
5+
TS k8s | STATS clients = avg(last_over_time(network.eth0.currently_connected_clients)) BY cluster, time_bucket = bucket(@timestamp,1minute) | SORT time_bucket, cluster | LIMIT 10;
6+
7+
clients:double | cluster:keyword | time_bucket:datetime
8+
429.0 | prod | 2024-05-10T00:00:00.000Z
9+
615.5 | staging | 2024-05-10T00:00:00.000Z
10+
396.5 | prod | 2024-05-10T00:01:00.000Z
11+
440.0 | qa | 2024-05-10T00:01:00.000Z
12+
632.5 | prod | 2024-05-10T00:02:00.000Z
13+
565.0 | qa | 2024-05-10T00:02:00.000Z
14+
205.0 | staging | 2024-05-10T00:02:00.000Z
15+
742.0 | prod | 2024-05-10T00:03:00.000Z
16+
454.0 | qa | 2024-05-10T00:03:00.000Z
17+
357.0 | staging | 2024-05-10T00:03:00.000Z
18+
;
19+
20+
last_over_time_with_filtering
21+
required_capability: metrics_command
22+
required_capability: last_over_time
23+
TS k8s | WHERE pod == "one" | STATS tx = sum(last_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, cluster | LIMIT 10;
24+
25+
tx:long | cluster:keyword | time_bucket:datetime
26+
3 | prod | 2024-05-10T00:00:00.000Z
27+
830 | qa | 2024-05-10T00:00:00.000Z
28+
753 | staging | 2024-05-10T00:00:00.000Z
29+
542 | prod | 2024-05-10T00:10:00.000Z
30+
187 | qa | 2024-05-10T00:10:00.000Z
31+
4 | staging | 2024-05-10T00:10:00.000Z
32+
931 | prod | 2024-05-10T00:20:00.000Z
33+
206 | qa | 2024-05-10T00:20:00.000Z
34+
238 | staging | 2024-05-10T00:20:00.000Z
35+
;
36+
37+
last_over_time_older_than_10d
38+
required_capability: metrics_command
39+
required_capability: last_over_time
40+
TS k8s | WHERE cluster == "qa" AND @timestamp < now() - 10 day | STATS cost = avg(last_over_time(network.eth0.rx)) BY pod, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, pod | LIMIT 5;
41+
42+
cost:double | pod:keyword | time_bucket:datetime
43+
818.0 | one | 2024-05-10T00:00:00.000Z
44+
529.0 | three | 2024-05-10T00:00:00.000Z
45+
620.0 | two | 2024-05-10T00:00:00.000Z
46+
1262.0 | one | 2024-05-10T00:10:00.000Z
47+
1038.0 | three | 2024-05-10T00:10:00.000Z
48+
;
49+
50+
eval_on_last_over_time
51+
required_capability: metrics_command
52+
required_capability: last_over_time
53+
TS k8s | STATS max_bytes = avg(last_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | EVAL kb_minus_offset = (max_bytes - 100) / 1000.0 | LIMIT 10 | SORT time_bucket, cluster ;
54+
55+
max_bytes:double | cluster:keyword | time_bucket:datetime | kb_minus_offset:double
56+
225.0 | prod | 2024-05-10T00:00:00.000Z | 0.125
57+
485.6666666666667 | qa | 2024-05-10T00:00:00.000Z | 0.3856666666666667
58+
572.6666666666666 | staging | 2024-05-10T00:00:00.000Z | 0.4726666666666666
59+
517.6666666666666 | prod | 2024-05-10T00:10:00.000Z | 0.41766666666666663
60+
426.6666666666667 | qa | 2024-05-10T00:10:00.000Z | 0.32666666666666666
61+
482.3333333333333 | staging | 2024-05-10T00:10:00.000Z | 0.3823333333333333
62+
839.0 | prod | 2024-05-10T00:20:00.000Z | 0.739
63+
697.0 | qa | 2024-05-10T00:20:00.000Z | 0.597
64+
81.33333333333333 | staging | 2024-05-10T00:20:00.000Z | -0.01866666666666667
65+
;
66+
67+
last_over_time_multi_values
68+
required_capability: metrics_command
69+
required_capability: last_over_time
70+
required_capability: k8s_dataset_additional_fields
71+
TS k8s | WHERE @timestamp < "2024-05-10T00:10:00.000Z" | STATS events = sum(last_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events desc, time_bucket | LIMIT 10;
72+
73+
events:long | pod:keyword | time_bucket:datetime
74+
18 | one | 2024-05-10T00:01:00.000Z
75+
16 | one | 2024-05-10T00:08:00.000Z
76+
12 | three | 2024-05-10T00:00:00.000Z
77+
12 | one | 2024-05-10T00:03:00.000Z
78+
12 | two | 2024-05-10T00:09:00.000Z
79+
10 | two | 2024-05-10T00:02:00.000Z
80+
10 | two | 2024-05-10T00:04:00.000Z
81+
10 | three | 2024-05-10T00:06:00.000Z
82+
9 | two | 2024-05-10T00:00:00.000Z
83+
9 | three | 2024-05-10T00:02:00.000Z
84+
;
85+
86+
last_over_time_null_values
87+
required_capability: metrics_command
88+
required_capability: last_over_time
89+
required_capability: k8s_dataset_additional_fields
90+
TS k8s | WHERE @timestamp > "2024-05-10T00:10:00.000Z" and @timestamp < "2024-05-10T00:15:00.000Z" | STATS events = sum(last_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events desc, time_bucket | LIMIT 10;
91+
92+
events:long | pod:keyword | time_bucket:datetime
93+
null | one | 2024-05-10T00:12:00.000Z
94+
null | two | 2024-05-10T00:13:00.000Z
95+
20 | two | 2024-05-10T00:14:00.000Z
96+
18 | two | 2024-05-10T00:12:00.000Z
97+
16 | one | 2024-05-10T00:13:00.000Z
98+
16 | one | 2024-05-10T00:14:00.000Z
99+
11 | one | 2024-05-10T00:10:00.000Z
100+
9 | one | 2024-05-10T00:11:00.000Z
101+
9 | three | 2024-05-10T00:13:00.000Z
102+
7 | two | 2024-05-10T00:10:00.000Z
103+
;
104+
105+
last_over_time_all_value_types
106+
required_capability: metrics_command
107+
required_capability: last_over_time
108+
required_capability: k8s_dataset_additional_fields
109+
TS k8s | STATS events = sum(last_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 10minute) | SORT events desc, pod, time_bucket | LIMIT 10 ;
110+
111+
events:long | pod:keyword | time_bucket:datetime
112+
21 | three | 2024-05-10T00:10:00.000Z
113+
20 | one | 2024-05-10T00:10:00.000Z
114+
15 | one | 2024-05-10T00:20:00.000Z
115+
15 | three | 2024-05-10T00:20:00.000Z
116+
13 | two | 2024-05-10T00:10:00.000Z
117+
12 | two | 2024-05-10T00:00:00.000Z
118+
9 | one | 2024-05-10T00:00:00.000Z
119+
9 | three | 2024-05-10T00:00:00.000Z
120+
5 | two | 2024-05-10T00:20:00.000Z
121+
;
122+

0 commit comments

Comments
 (0)