From 56579e47e9319c0855e316a57416e9ec3d99ea13 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 19 Aug 2025 17:23:15 +0200 Subject: [PATCH 1/4] [DOCS] Split ESQL commands into standalone pages (#133073) (cherry picked from commit 7c2a1fb67e70dc4c807bb3cdd351e2cc83ccae42) # Conflicts: # docs/reference/query-languages/esql/_snippets/commands/layout/rerank.md # docs/reference/query-languages/esql/_snippets/commands/layout/ts.md # docs/reference/query-languages/esql/_snippets/lists/processing-commands.md # docs/reference/query-languages/esql/commands/processing-commands.md --- docs/redirects.yml | 65 ++++++++++++++++++- .../_snippets/commands/layout/change_point.md | 10 ++- .../_snippets/commands/layout/completion.md | 1 - .../esql/_snippets/commands/layout/dissect.md | 5 +- .../esql/_snippets/commands/layout/drop.md | 5 +- .../esql/_snippets/commands/layout/enrich.md | 5 +- .../esql/_snippets/commands/layout/eval.md | 5 +- .../esql/_snippets/commands/layout/fork.md | 2 - .../esql/_snippets/commands/layout/from.md | 5 +- .../esql/_snippets/commands/layout/grok.md | 5 +- .../esql/_snippets/commands/layout/keep.md | 5 +- .../esql/_snippets/commands/layout/limit.md | 5 +- .../_snippets/commands/layout/lookup-join.md | 2 - .../_snippets/commands/layout/mv_expand.md | 13 ++-- .../esql/_snippets/commands/layout/rename.md | 5 +- .../esql/_snippets/commands/layout/row.md | 5 +- .../esql/_snippets/commands/layout/sample.md | 2 - .../esql/_snippets/commands/layout/show.md | 5 +- .../esql/_snippets/commands/layout/sort.md | 5 +- .../_snippets/commands/layout/stats-by.md | 5 +- .../esql/_snippets/commands/layout/where.md | 5 +- .../common/result-set-size-limitation.md | 4 +- .../_snippets/functions/examples/bucket.md | 4 +- .../_snippets/functions/examples/count.md | 2 +- .../functions/examples/date_trunc.md | 3 +- .../_snippets/lists/processing-commands.md | 34 +++++----- .../esql/_snippets/lists/source-commands.md | 6 +- .../esql/commands/change-point.md | 10 +++ .../esql/commands/completion.md | 10 +++ .../query-languages/esql/commands/dissect.md | 10 +++ .../query-languages/esql/commands/drop.md | 10 +++ .../query-languages/esql/commands/enrich.md | 10 +++ .../query-languages/esql/commands/eval.md | 10 +++ .../query-languages/esql/commands/fork.md | 10 +++ .../query-languages/esql/commands/from.md | 10 +++ .../query-languages/esql/commands/grok.md | 10 +++ .../query-languages/esql/commands/keep.md | 10 +++ .../query-languages/esql/commands/limit.md | 10 +++ .../esql/commands/lookup-join.md | 10 +++ .../esql/commands/mv_expand.md | 10 +++ .../esql/commands/processing-commands.md | 54 +-------------- .../query-languages/esql/commands/rename.md | 10 +++ .../query-languages/esql/commands/rerank.md | 10 +++ .../query-languages/esql/commands/row.md | 10 +++ .../query-languages/esql/commands/sample.md | 10 +++ .../query-languages/esql/commands/show.md | 10 +++ .../query-languages/esql/commands/sort.md | 10 +++ .../esql/commands/source-commands.md | 12 +--- .../query-languages/esql/commands/stats-by.md | 10 +++ .../query-languages/esql/commands/where.md | 10 +++ .../query-languages/esql/esql-commands.md | 30 ++------- .../query-languages/esql/esql-enrich-data.md | 8 +-- .../query-languages/esql/esql-lookup-join.md | 8 +-- .../esql/esql-metadata-fields.md | 2 +- .../esql-process-data-with-dissect-grok.md | 6 +- .../aggregation-functions.md | 2 +- .../functions-operators/grouping-functions.md | 2 +- .../query-languages/esql/limitations.md | 16 ++--- docs/reference/query-languages/toc.yml | 23 +++++++ .../expression/function/aggregate/Count.java | 2 +- .../expression/function/grouping/Bucket.java | 4 +- .../function/scalar/date/DateTrunc.java | 5 +- 62 files changed, 427 insertions(+), 175 deletions(-) create mode 100644 docs/reference/query-languages/esql/commands/change-point.md create mode 100644 docs/reference/query-languages/esql/commands/completion.md create mode 100644 docs/reference/query-languages/esql/commands/dissect.md create mode 100644 docs/reference/query-languages/esql/commands/drop.md create mode 100644 docs/reference/query-languages/esql/commands/enrich.md create mode 100644 docs/reference/query-languages/esql/commands/eval.md create mode 100644 docs/reference/query-languages/esql/commands/fork.md create mode 100644 docs/reference/query-languages/esql/commands/from.md create mode 100644 docs/reference/query-languages/esql/commands/grok.md create mode 100644 docs/reference/query-languages/esql/commands/keep.md create mode 100644 docs/reference/query-languages/esql/commands/limit.md create mode 100644 docs/reference/query-languages/esql/commands/lookup-join.md create mode 100644 docs/reference/query-languages/esql/commands/mv_expand.md create mode 100644 docs/reference/query-languages/esql/commands/rename.md create mode 100644 docs/reference/query-languages/esql/commands/rerank.md create mode 100644 docs/reference/query-languages/esql/commands/row.md create mode 100644 docs/reference/query-languages/esql/commands/sample.md create mode 100644 docs/reference/query-languages/esql/commands/show.md create mode 100644 docs/reference/query-languages/esql/commands/sort.md create mode 100644 docs/reference/query-languages/esql/commands/stats-by.md create mode 100644 docs/reference/query-languages/esql/commands/where.md diff --git a/docs/redirects.yml b/docs/redirects.yml index 27a4ae08ad6ca..646937892e06a 100644 --- a/docs/redirects.yml +++ b/docs/redirects.yml @@ -22,4 +22,67 @@ redirects: - to: 'reference/elasticsearch/rest-apis/retrievers/rule-retriever.md' anchors: {'rule-retriever'} - to: 'reference/elasticsearch/rest-apis/retrievers/pinned-retriever.md' - anchors: {'pinned-retriever'} \ No newline at end of file + anchors: {'pinned-retriever'} + + # ESQL command redirects - split from aggregate pages to individual pages + 'reference/query-languages/esql/commands/source-commands.md': + to: 'reference/query-languages/esql/commands/source-commands.md' + anchors: {} # pass-through unlisted anchors in the `many` ruleset + many: + - to: 'reference/query-languages/esql/commands/from.md' + anchors: {'esql-from'} + - to: 'reference/query-languages/esql/commands/row.md' + anchors: {'esql-row'} + - to: 'reference/query-languages/esql/commands/show.md' + anchors: {'esql-show'} + + # Handle old anchor references to esql-commands.md + 'reference/query-languages/esql/esql-commands.md': + to: 'reference/query-languages/esql/esql-commands.md' + anchors: {} # pass-through unlisted anchors in the `many` ruleset + many: + - to: 'reference/query-languages/esql/commands/source-commands.md' + anchors: {'esql-source-commands'} + - to: 'reference/query-languages/esql/commands/processing-commands.md' + anchors: {'esql-processing-commands'} + + 'reference/query-languages/esql/commands/processing-commands.md': + to: 'reference/query-languages/esql/commands/processing-commands.md' + anchors: {} # pass-through unlisted anchors in the `many` ruleset + many: + - to: 'reference/query-languages/esql/commands/change-point.md' + anchors: {'esql-change_point'} + - to: 'reference/query-languages/esql/commands/completion.md' + anchors: {'esql-completion'} + - to: 'reference/query-languages/esql/commands/dissect.md' + anchors: {'esql-dissect'} + - to: 'reference/query-languages/esql/commands/drop.md' + anchors: {'esql-drop'} + - to: 'reference/query-languages/esql/commands/enrich.md' + anchors: {'esql-enrich'} + - to: 'reference/query-languages/esql/commands/eval.md' + anchors: {'esql-eval'} + - to: 'reference/query-languages/esql/commands/fork.md' + anchors: {'esql-fork'} + - to: 'reference/query-languages/esql/commands/grok.md' + anchors: {'esql-grok'} + - to: 'reference/query-languages/esql/commands/keep.md' + anchors: {'esql-keep'} + - to: 'reference/query-languages/esql/commands/limit.md' + anchors: {'esql-limit'} + - to: 'reference/query-languages/esql/commands/lookup-join.md' + anchors: {'esql-lookup-join'} + - to: 'reference/query-languages/esql/commands/mv_expand.md' + anchors: {'esql-mv_expand'} + - to: 'reference/query-languages/esql/commands/rename.md' + anchors: {'esql-rename'} + - to: 'reference/query-languages/esql/commands/rerank.md' + anchors: {'esql-rerank'} + - to: 'reference/query-languages/esql/commands/sample.md' + anchors: {'esql-sample'} + - to: 'reference/query-languages/esql/commands/sort.md' + anchors: {'esql-sort'} + - to: 'reference/query-languages/esql/commands/stats-by.md' + anchors: {'esql-stats-by'} + - to: 'reference/query-languages/esql/commands/where.md' + anchors: {'esql-where'} \ No newline at end of file diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/change_point.md b/docs/reference/query-languages/esql/_snippets/commands/layout/change_point.md index da7a8497e8d6b..3aa8810497aba 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/change_point.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/change_point.md @@ -1,14 +1,12 @@ -## `CHANGE_POINT` [esql-change_point] - -:::{note} -The `CHANGE_POINT` command requires a [platinum license](https://www.elastic.co/subscriptions). -::: - ```yaml {applies_to} serverless: preview stack: preview 9.1.0 ``` +:::{note} +The `CHANGE_POINT` command requires a [platinum license](https://www.elastic.co/subscriptions). +::: + `CHANGE_POINT` detects spikes, dips, and change points in a metric. **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/completion.md b/docs/reference/query-languages/esql/_snippets/commands/layout/completion.md index 116247697036c..cf1ade8d3c6f0 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/completion.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/completion.md @@ -1,4 +1,3 @@ -## `COMPLETION` [esql-completion] ```yaml {applies_to} serverless: preview diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/dissect.md b/docs/reference/query-languages/esql/_snippets/commands/layout/dissect.md index 79dd91b9f1800..da9eebcbfc7eb 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/dissect.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/dissect.md @@ -1,4 +1,7 @@ -## `DISSECT` [esql-dissect] +```yaml {applies_to} +serverless: ga +stack: ga +``` `DISSECT` enables you to [extract structured data out of a string](/reference/query-languages/esql/esql-process-data-with-dissect-grok.md). diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/drop.md b/docs/reference/query-languages/esql/_snippets/commands/layout/drop.md index 4f383d4f0f237..32aabf25278c9 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/drop.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/drop.md @@ -1,4 +1,7 @@ -## `DROP` [esql-drop] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `DROP` processing command removes one or more columns. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/enrich.md b/docs/reference/query-languages/esql/_snippets/commands/layout/enrich.md index f33491d447482..5747f7994b072 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/enrich.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/enrich.md @@ -1,4 +1,7 @@ -## `ENRICH` [esql-enrich] +```yaml {applies_to} +serverless: ga +stack: ga +``` `ENRICH` enables you to add data from existing indices as new columns using an enrich policy. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/eval.md b/docs/reference/query-languages/esql/_snippets/commands/layout/eval.md index cd10448444ebd..a8a39adec2dc5 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/eval.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/eval.md @@ -1,4 +1,7 @@ -## `EVAL` [esql-eval] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `EVAL` processing command enables you to append new columns with calculated values. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/fork.md b/docs/reference/query-languages/esql/_snippets/commands/layout/fork.md index 836daa7bbaddb..559afacc5940e 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/fork.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/fork.md @@ -1,5 +1,3 @@ -## `FORK` [esql-fork] - ```yaml {applies_to} serverless: preview stack: preview 9.1.0 diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/from.md b/docs/reference/query-languages/esql/_snippets/commands/layout/from.md index 45dce9136a029..a8ff5b6b716be 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/from.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/from.md @@ -1,4 +1,7 @@ -## `FROM` [esql-from] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `FROM` source command returns a table with data from a data stream, index, or alias. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/grok.md b/docs/reference/query-languages/esql/_snippets/commands/layout/grok.md index 6397eea898469..313eb8c2ce502 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/grok.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/grok.md @@ -1,4 +1,7 @@ -## `GROK` [esql-grok] +```yaml {applies_to} +serverless: ga +stack: ga +``` `GROK` enables you to [extract structured data out of a string](/reference/query-languages/esql/esql-process-data-with-dissect-grok.md). diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/keep.md b/docs/reference/query-languages/esql/_snippets/commands/layout/keep.md index 3f2a357d037eb..2c074712e3151 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/keep.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/keep.md @@ -1,4 +1,7 @@ -## `KEEP` [esql-keep] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `KEEP` processing command enables you to specify what columns are returned and the order in which they are returned. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/limit.md b/docs/reference/query-languages/esql/_snippets/commands/layout/limit.md index 9bc8d0d86c096..c0646dd782114 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/limit.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/limit.md @@ -1,4 +1,7 @@ -## `LIMIT` [esql-limit] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `LIMIT` processing command enables you to limit the number of rows that are returned. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/lookup-join.md b/docs/reference/query-languages/esql/_snippets/commands/layout/lookup-join.md index 7b4f2d794ac22..0ff2232e266cb 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/lookup-join.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/lookup-join.md @@ -1,5 +1,3 @@ -## `LOOKUP JOIN` [esql-lookup-join] - ```yaml {applies_to} stack: preview 9.0.0, ga 9.1.0 ``` diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/mv_expand.md b/docs/reference/query-languages/esql/_snippets/commands/layout/mv_expand.md index 3e204a2a3d1be..ce615913ff322 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/mv_expand.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/mv_expand.md @@ -1,12 +1,7 @@ -## `MV_EXPAND` [esql-mv_expand] - -::::{warning} -This functionality is in technical preview and may be -changed or removed in a future release. Elastic will work to fix any -issues, but features in technical preview are not subject to the support -SLA of official GA features. -:::: - +```yaml {applies_to} +serverless: preview +stack: preview +``` The `MV_EXPAND` processing command expands multivalued columns into one row per value, duplicating other columns. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/rename.md b/docs/reference/query-languages/esql/_snippets/commands/layout/rename.md index 5bcade39660e7..3b3648add7b9e 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/rename.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/rename.md @@ -1,4 +1,7 @@ -## `RENAME` [esql-rename] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `RENAME` processing command renames one or more columns. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/row.md b/docs/reference/query-languages/esql/_snippets/commands/layout/row.md index ebbede74ab44d..ce28abccfae90 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/row.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/row.md @@ -1,4 +1,7 @@ -## `ROW` [esql-row] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `ROW` source command produces a row with one or more columns with values that you specify. This can be useful for testing. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/sample.md b/docs/reference/query-languages/esql/_snippets/commands/layout/sample.md index 07d95a31bbcf3..f0ae9e0d37cff 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/sample.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/sample.md @@ -1,5 +1,3 @@ -## `SAMPLE` [esql-sample] - ```yaml {applies_to} serverless: preview stack: preview 9.1.0 diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/show.md b/docs/reference/query-languages/esql/_snippets/commands/layout/show.md index 04782a8cc990b..0083282e68610 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/show.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/show.md @@ -1,4 +1,7 @@ -## `SHOW` [esql-show] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `SHOW` source command returns information about the deployment and its capabilities. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/sort.md b/docs/reference/query-languages/esql/_snippets/commands/layout/sort.md index 61ddd45fc1ff2..63223a0dfa15b 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/sort.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/sort.md @@ -1,4 +1,7 @@ -## `SORT` [esql-sort] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `SORT` processing command sorts a table on one or more columns. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/stats-by.md b/docs/reference/query-languages/esql/_snippets/commands/layout/stats-by.md index c8a5899f6c5ef..4f694b9db59d0 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/stats-by.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/stats-by.md @@ -1,4 +1,7 @@ -## `STATS` [esql-stats-by] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `STATS` processing command groups rows according to a common value and calculates one or more aggregated values over the grouped rows. diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/where.md b/docs/reference/query-languages/esql/_snippets/commands/layout/where.md index 5038ebd647ce1..1fed1b2cf98d9 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/where.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/where.md @@ -1,4 +1,7 @@ -## `WHERE` [esql-where] +```yaml {applies_to} +serverless: ga +stack: ga +``` The `WHERE` processing command produces a table that contains all the rows from the input table for which the provided condition evaluates to `true`. diff --git a/docs/reference/query-languages/esql/_snippets/common/result-set-size-limitation.md b/docs/reference/query-languages/esql/_snippets/common/result-set-size-limitation.md index 1a6b4dada3dd7..64912b9450a33 100644 --- a/docs/reference/query-languages/esql/_snippets/common/result-set-size-limitation.md +++ b/docs/reference/query-languages/esql/_snippets/common/result-set-size-limitation.md @@ -11,8 +11,8 @@ Queries do not return more than 10,000 rows, regardless of the `LIMIT` command To overcome this limitation: -* Reduce the result set size by modifying the query to only return relevant data. Use [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) to select a smaller subset of the data. -* Shift any post-query processing to the query itself. You can use the {{esql}} [`STATS`](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) command to aggregate data in the query. +* Reduce the result set size by modifying the query to only return relevant data. Use [`WHERE`](/reference/query-languages/esql/commands/where.md) to select a smaller subset of the data. +* Shift any post-query processing to the query itself. You can use the {{esql}} [`STATS`](/reference/query-languages/esql/commands/stats-by.md) command to aggregate data in the query. The upper limit only applies to the number of rows that are output by the query, not to the number of documents it processes: the query runs on the full data set. diff --git a/docs/reference/query-languages/esql/_snippets/functions/examples/bucket.md b/docs/reference/query-languages/esql/_snippets/functions/examples/bucket.md index 76901580aed49..ad1275cf37b51 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/examples/bucket.md +++ b/docs/reference/query-languages/esql/_snippets/functions/examples/bucket.md @@ -75,7 +75,7 @@ FROM employees ::::{note} `BUCKET` does not filter any rows. It only uses the provided range to pick a good bucket size. For rows with a value outside of the range, it returns a bucket value that corresponds to a bucket outside the range. -Combine `BUCKET` with [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) to filter rows. +Combine `BUCKET` with [`WHERE`](/reference/query-languages/esql/commands/where.md) to filter rows. :::: If the desired bucket size is known in advance, simply provide it as the second @@ -179,7 +179,7 @@ FROM employees | 54539.75 | 1985-11-01T00:00:00.000Z | `BUCKET` may be used in both the aggregating and grouping part of the -[STATS ... BY ...](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) command provided that in the aggregating +[STATS ... BY ...](/reference/query-languages/esql/commands/stats-by.md) command provided that in the aggregating part the function is referenced by an alias defined in the grouping part, or that it is invoked with the exact same expression: diff --git a/docs/reference/query-languages/esql/_snippets/functions/examples/count.md b/docs/reference/query-languages/esql/_snippets/functions/examples/count.md index 98a7f0c930b4c..cad958a96dbc4 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/examples/count.md +++ b/docs/reference/query-languages/esql/_snippets/functions/examples/count.md @@ -39,7 +39,7 @@ ROW words="foo;bar;baz;qux;quux;foo" | --- | | 6 | -To count the number of times an expression returns `TRUE` use a [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) command to remove rows that shouldn’t be included +To count the number of times an expression returns `TRUE` use a [`WHERE`](/reference/query-languages/esql/commands/where.md) command to remove rows that shouldn’t be included ```esql ROW n=1 diff --git a/docs/reference/query-languages/esql/_snippets/functions/examples/date_trunc.md b/docs/reference/query-languages/esql/_snippets/functions/examples/date_trunc.md index f6168c1893976..f446855dcfaa5 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/examples/date_trunc.md +++ b/docs/reference/query-languages/esql/_snippets/functions/examples/date_trunc.md @@ -14,8 +14,7 @@ FROM employees | Amabile | Gomatam | 1992-11-18T00:00:00.000Z | 1992-01-01T00:00:00.000Z | | Anneke | Preusig | 1989-06-02T00:00:00.000Z | 1989-01-01T00:00:00.000Z | -Combine `DATE_TRUNC` with [`STATS`](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) to create date histograms. For -example, the number of hires per year: +Combine `DATE_TRUNC` with [`STATS`](/reference/query-languages/esql/commands/stats-by.md) to create date histograms. For example, the number of hires per year: ```esql FROM employees diff --git a/docs/reference/query-languages/esql/_snippets/lists/processing-commands.md b/docs/reference/query-languages/esql/_snippets/lists/processing-commands.md index 8bfcd2a20ac33..85c778d3b3f8b 100644 --- a/docs/reference/query-languages/esql/_snippets/lists/processing-commands.md +++ b/docs/reference/query-languages/esql/_snippets/lists/processing-commands.md @@ -1,17 +1,17 @@ -* [preview] [`CHANGE_POINT`](../../commands/processing-commands.md#esql-change_point) -* [preview] [`COMPLETION`](../../commands/processing-commands.md#esql-completion) -* [`DISSECT`](../../commands/processing-commands.md#esql-dissect) -* [`DROP`](../../commands/processing-commands.md#esql-drop) -* [`ENRICH`](../../commands/processing-commands.md#esql-enrich) -* [`EVAL`](../../commands/processing-commands.md#esql-eval) -* [`GROK`](../../commands/processing-commands.md#esql-grok) -* [preview] [`FORK`](../../commands/processing-commands.md#esql-fork) -* [`KEEP`](../../commands/processing-commands.md#esql-keep) -* [`LIMIT`](../../commands/processing-commands.md#esql-limit) -* [`LOOKUP JOIN`](../../commands/processing-commands.md#esql-lookup-join) -* [preview] [`MV_EXPAND`](../../commands/processing-commands.md#esql-mv_expand) -* [`RENAME`](../../commands/processing-commands.md#esql-rename) -* [preview] [`SAMPLE`](../../commands/processing-commands.md#esql-sample) -* [`SORT`](../../commands/processing-commands.md#esql-sort) -* [`STATS`](../../commands/processing-commands.md#esql-stats-by) -* [`WHERE`](../../commands/processing-commands.md#esql-where) +* [preview] [`CHANGE_POINT`](/reference/query-languages/esql/commands/change-point.md) +* [preview] [`COMPLETION`](/reference/query-languages/esql/commands/completion.md) +* [`DISSECT`](/reference/query-languages/esql/commands/dissect.md) +* [`DROP`](/reference/query-languages/esql/commands/drop.md) +* [`ENRICH`](/reference/query-languages/esql/commands/enrich.md) +* [`EVAL`](/reference/query-languages/esql/commands/eval.md) +* [`GROK`](/reference/query-languages/esql/commands/grok.md) +* [preview] [`FORK`](/reference/query-languages/esql/commands/fork.md) +* [`KEEP`](/reference/query-languages/esql/commands/keep.md) +* [`LIMIT`](/reference/query-languages/esql/commands/limit.md) +* [`LOOKUP JOIN`](/reference/query-languages/esql/commands/lookup-join.md) +* [preview] [`MV_EXPAND`](/reference/query-languages/esql/commands/mv_expand.md) +* [`RENAME`](/reference/query-languages/esql/commands/rename.md) +* [preview] [`SAMPLE`](/reference/query-languages/esql/commands/sample.md) +* [`SORT`](/reference/query-languages/esql/commands/sort.md) +* [`STATS`](/reference/query-languages/esql/commands/stats-by.md) +* [`WHERE`](/reference/query-languages/esql/commands/where.md) diff --git a/docs/reference/query-languages/esql/_snippets/lists/source-commands.md b/docs/reference/query-languages/esql/_snippets/lists/source-commands.md index 21194abdec2f7..ceaa5147da7cf 100644 --- a/docs/reference/query-languages/esql/_snippets/lists/source-commands.md +++ b/docs/reference/query-languages/esql/_snippets/lists/source-commands.md @@ -1,3 +1,3 @@ -* [`FROM`](../../commands/source-commands.md#esql-from) -* [`ROW`](../../commands/source-commands.md#esql-row) -* [`SHOW`](../../commands/source-commands.md#esql-show) +- [`FROM`](/reference/query-languages/esql/commands/from.md) +- [`ROW`](/reference/query-languages/esql/commands/row.md) +- [`SHOW`](/reference/query-languages/esql/commands/show.md) \ No newline at end of file diff --git a/docs/reference/query-languages/esql/commands/change-point.md b/docs/reference/query-languages/esql/commands/change-point.md new file mode 100644 index 0000000000000..96d4c6a41868c --- /dev/null +++ b/docs/reference/query-languages/esql/commands/change-point.md @@ -0,0 +1,10 @@ +--- +navigation_title: "CHANGE_POINT" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-change_point +--- + +# `CHANGE_POINT` [esql-change_point] + +:::{include} ../_snippets/commands/layout/change_point.md +::: diff --git a/docs/reference/query-languages/esql/commands/completion.md b/docs/reference/query-languages/esql/commands/completion.md new file mode 100644 index 0000000000000..1d93b387b957c --- /dev/null +++ b/docs/reference/query-languages/esql/commands/completion.md @@ -0,0 +1,10 @@ +--- +navigation_title: "COMPLETION" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-completion +--- + +# `COMPLETION` [esql-completion] + +:::{include} ../_snippets/commands/layout/completion.md +::: diff --git a/docs/reference/query-languages/esql/commands/dissect.md b/docs/reference/query-languages/esql/commands/dissect.md new file mode 100644 index 0000000000000..54646b8b1a5d1 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/dissect.md @@ -0,0 +1,10 @@ +--- +navigation_title: "DISSECT" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-dissect +--- + +# `DISSECT` [esql-dissect] + +:::{include} ../_snippets/commands/layout/dissect.md +::: diff --git a/docs/reference/query-languages/esql/commands/drop.md b/docs/reference/query-languages/esql/commands/drop.md new file mode 100644 index 0000000000000..dc66933e7849b --- /dev/null +++ b/docs/reference/query-languages/esql/commands/drop.md @@ -0,0 +1,10 @@ +--- +navigation_title: "DROP" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-drop +--- + +# `DROP` [esql-drop] + +:::{include} ../_snippets/commands/layout/drop.md +::: diff --git a/docs/reference/query-languages/esql/commands/enrich.md b/docs/reference/query-languages/esql/commands/enrich.md new file mode 100644 index 0000000000000..7b6d4f3787d7b --- /dev/null +++ b/docs/reference/query-languages/esql/commands/enrich.md @@ -0,0 +1,10 @@ +--- +navigation_title: "ENRICH" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-enrich +--- + +# `ENRICH` [esql-enrich] + +:::{include} ../_snippets/commands/layout/enrich.md +::: diff --git a/docs/reference/query-languages/esql/commands/eval.md b/docs/reference/query-languages/esql/commands/eval.md new file mode 100644 index 0000000000000..6a912610c95f5 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/eval.md @@ -0,0 +1,10 @@ +--- +navigation_title: "EVAL" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-eval +--- + +# `EVAL` [esql-eval] + +:::{include} ../_snippets/commands/layout/eval.md +::: diff --git a/docs/reference/query-languages/esql/commands/fork.md b/docs/reference/query-languages/esql/commands/fork.md new file mode 100644 index 0000000000000..841c64c9d9dcf --- /dev/null +++ b/docs/reference/query-languages/esql/commands/fork.md @@ -0,0 +1,10 @@ +--- +navigation_title: "FORK" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-fork +--- + +# `FORK` [esql-fork] + +:::{include} ../_snippets/commands/layout/fork.md +::: diff --git a/docs/reference/query-languages/esql/commands/from.md b/docs/reference/query-languages/esql/commands/from.md new file mode 100644 index 0000000000000..0cef20784e8cc --- /dev/null +++ b/docs/reference/query-languages/esql/commands/from.md @@ -0,0 +1,10 @@ +--- +navigation_title: "FROM" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-from +--- + +# `FROM` [esql-from] + +:::{include} ../_snippets/commands/layout/from.md +::: diff --git a/docs/reference/query-languages/esql/commands/grok.md b/docs/reference/query-languages/esql/commands/grok.md new file mode 100644 index 0000000000000..4c895cd8d1d4f --- /dev/null +++ b/docs/reference/query-languages/esql/commands/grok.md @@ -0,0 +1,10 @@ +--- +navigation_title: "GROK" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-grok +--- + +# `GROK` [esql-grok] + +:::{include} ../_snippets/commands/layout/grok.md +::: diff --git a/docs/reference/query-languages/esql/commands/keep.md b/docs/reference/query-languages/esql/commands/keep.md new file mode 100644 index 0000000000000..b4ed9d4becebe --- /dev/null +++ b/docs/reference/query-languages/esql/commands/keep.md @@ -0,0 +1,10 @@ +--- +navigation_title: "KEEP" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-keep +--- + +# `KEEP` [esql-keep] + +:::{include} ../_snippets/commands/layout/keep.md +::: diff --git a/docs/reference/query-languages/esql/commands/limit.md b/docs/reference/query-languages/esql/commands/limit.md new file mode 100644 index 0000000000000..ba9c7f78a2267 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/limit.md @@ -0,0 +1,10 @@ +--- +navigation_title: "LIMIT" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-limit +--- + +# `LIMIT` [esql-limit] + +:::{include} ../_snippets/commands/layout/limit.md +::: diff --git a/docs/reference/query-languages/esql/commands/lookup-join.md b/docs/reference/query-languages/esql/commands/lookup-join.md new file mode 100644 index 0000000000000..4de8fdea84718 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/lookup-join.md @@ -0,0 +1,10 @@ +--- +navigation_title: "LOOKUP JOIN" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-lookup-join +--- + +# `LOOKUP JOIN` [esql-lookup-join] + +:::{include} ../_snippets/commands/layout/lookup-join.md +::: diff --git a/docs/reference/query-languages/esql/commands/mv_expand.md b/docs/reference/query-languages/esql/commands/mv_expand.md new file mode 100644 index 0000000000000..eed1d35c11297 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/mv_expand.md @@ -0,0 +1,10 @@ +--- +navigation_title: "MV_EXPAND" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-mv_expand +--- + +# `MV_EXPAND` [esql-mv_expand] + +:::{include} ../_snippets/commands/layout/mv_expand.md +::: diff --git a/docs/reference/query-languages/esql/commands/processing-commands.md b/docs/reference/query-languages/esql/commands/processing-commands.md index 1f07e8b3b8c2c..5af3208256242 100644 --- a/docs/reference/query-languages/esql/commands/processing-commands.md +++ b/docs/reference/query-languages/esql/commands/processing-commands.md @@ -1,4 +1,7 @@ --- +applies_to: + stack: + serverless: navigation_title: "Processing commands" mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html @@ -16,54 +19,3 @@ mapped_pages: :::{include} ../_snippets/lists/processing-commands.md ::: - -:::{include} ../_snippets/commands/layout/change_point.md -::: - -:::{include} ../_snippets/commands/layout/completion.md -::: - -:::{include} ../_snippets/commands/layout/dissect.md -::: - -:::{include} ../_snippets/commands/layout/drop.md -::: - -:::{include} ../_snippets/commands/layout/enrich.md -::: - -:::{include} ../_snippets/commands/layout/eval.md -::: - -:::{include} ../_snippets/commands/layout/fork.md -::: - -:::{include} ../_snippets/commands/layout/grok.md -::: - -:::{include} ../_snippets/commands/layout/keep.md -::: - -:::{include} ../_snippets/commands/layout/limit.md -::: - -:::{include} ../_snippets/commands/layout/lookup-join.md -::: - -:::{include} ../_snippets/commands/layout/mv_expand.md -::: - -:::{include} ../_snippets/commands/layout/rename.md -::: - -:::{include} ../_snippets/commands/layout/sample.md -::: - -:::{include} ../_snippets/commands/layout/sort.md -::: - -:::{include} ../_snippets/commands/layout/stats-by.md -::: - -:::{include} ../_snippets/commands/layout/where.md -::: diff --git a/docs/reference/query-languages/esql/commands/rename.md b/docs/reference/query-languages/esql/commands/rename.md new file mode 100644 index 0000000000000..a21bda78f5025 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/rename.md @@ -0,0 +1,10 @@ +--- +navigation_title: "RENAME" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-rename +--- + +# `RENAME` [esql-rename] + +:::{include} ../_snippets/commands/layout/rename.md +::: diff --git a/docs/reference/query-languages/esql/commands/rerank.md b/docs/reference/query-languages/esql/commands/rerank.md new file mode 100644 index 0000000000000..d1d5b3251842c --- /dev/null +++ b/docs/reference/query-languages/esql/commands/rerank.md @@ -0,0 +1,10 @@ +--- +navigation_title: "RERANK" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-rerank +--- + +# `RERANK` [esql-rerank] + +:::{include} ../_snippets/commands/layout/rerank.md +::: diff --git a/docs/reference/query-languages/esql/commands/row.md b/docs/reference/query-languages/esql/commands/row.md new file mode 100644 index 0000000000000..1c5d180c87cc7 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/row.md @@ -0,0 +1,10 @@ +--- +navigation_title: "ROW" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-row +--- + +# `ROW` [esql-row] + +:::{include} ../_snippets/commands/layout/row.md +::: diff --git a/docs/reference/query-languages/esql/commands/sample.md b/docs/reference/query-languages/esql/commands/sample.md new file mode 100644 index 0000000000000..3e9ed11428175 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/sample.md @@ -0,0 +1,10 @@ +--- +navigation_title: "SAMPLE" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-sample +--- + +# `SAMPLE` [esql-sample] + +:::{include} ../_snippets/commands/layout/sample.md +::: diff --git a/docs/reference/query-languages/esql/commands/show.md b/docs/reference/query-languages/esql/commands/show.md new file mode 100644 index 0000000000000..130abec311750 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/show.md @@ -0,0 +1,10 @@ +--- +navigation_title: "SHOW" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-show +--- + +# `SHOW` [esql-show] + +:::{include} ../_snippets/commands/layout/show.md +::: diff --git a/docs/reference/query-languages/esql/commands/sort.md b/docs/reference/query-languages/esql/commands/sort.md new file mode 100644 index 0000000000000..ada8a69b93bfd --- /dev/null +++ b/docs/reference/query-languages/esql/commands/sort.md @@ -0,0 +1,10 @@ +--- +navigation_title: "SORT" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-sort +--- + +# `SORT` [esql-sort] + +:::{include} ../_snippets/commands/layout/sort.md +::: diff --git a/docs/reference/query-languages/esql/commands/source-commands.md b/docs/reference/query-languages/esql/commands/source-commands.md index 8717ea15ddd95..1dc8a6dc4c466 100644 --- a/docs/reference/query-languages/esql/commands/source-commands.md +++ b/docs/reference/query-languages/esql/commands/source-commands.md @@ -1,4 +1,7 @@ --- +applies_to: + stack: + serverless: navigation_title: "Source commands" mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html @@ -17,12 +20,3 @@ An {{esql}} source command produces a table, typically with data from {{es}}. An :::{include} ../_snippets/lists/source-commands.md ::: -:::{include} ../_snippets/commands/layout/from.md -::: - -:::{include} ../_snippets/commands/layout/row.md -::: - -:::{include} ../_snippets/commands/layout/show.md -::: - diff --git a/docs/reference/query-languages/esql/commands/stats-by.md b/docs/reference/query-languages/esql/commands/stats-by.md new file mode 100644 index 0000000000000..c4b7892cfa5a7 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/stats-by.md @@ -0,0 +1,10 @@ +--- +navigation_title: "STATS" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-stats-by +--- + +# `STATS` [esql-stats-by] + +:::{include} ../_snippets/commands/layout/stats-by.md +::: diff --git a/docs/reference/query-languages/esql/commands/where.md b/docs/reference/query-languages/esql/commands/where.md new file mode 100644 index 0000000000000..28d0b999f2df5 --- /dev/null +++ b/docs/reference/query-languages/esql/commands/where.md @@ -0,0 +1,10 @@ +--- +navigation_title: "WHERE" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-where +--- + +# `WHERE` [esql-where] + +:::{include} ../_snippets/commands/layout/where.md +::: diff --git a/docs/reference/query-languages/esql/esql-commands.md b/docs/reference/query-languages/esql/esql-commands.md index 9c5ec270ecd2a..d50de09122b72 100644 --- a/docs/reference/query-languages/esql/esql-commands.md +++ b/docs/reference/query-languages/esql/esql-commands.md @@ -1,4 +1,7 @@ --- +applies_to: + stack: + serverless: navigation_title: "Commands" mapped_pages: - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html @@ -6,28 +9,7 @@ mapped_pages: # {{esql}} commands [esql-commands] -## Source commands [esql-source-commands] +{{esql}} commands come in two flavors: source commands and processing commands: -An {{esql}} source command produces a table, typically with data from {{es}}. An {{esql}} query must start with a source command. - -:::{image} ../images/source-command.svg -:alt: A source command producing a table from {{es}} -::: - -{{esql}} supports these source commands: - -:::{include} _snippets/lists/source-commands.md -::: - -## Processing commands [esql-processing-commands] - -{{esql}} processing commands change an input table by adding, removing, or changing rows and columns. - -:::{image} ../images/processing-command.svg -:alt: A processing command changing an input table -::: - -{{esql}} supports these processing commands: - -:::{include} _snippets/lists/processing-commands.md -::: +- An {{esql}} query must start with a [source command](./commands/source-commands.md). +- Use [processing commands](./commands/processing-commands.md) to modify an input table by adding, removing, or transforming rows and columns. \ No newline at end of file diff --git a/docs/reference/query-languages/esql/esql-enrich-data.md b/docs/reference/query-languages/esql/esql-enrich-data.md index ac225622700fa..d841dfcb14a4c 100644 --- a/docs/reference/query-languages/esql/esql-enrich-data.md +++ b/docs/reference/query-languages/esql/esql-enrich-data.md @@ -6,7 +6,7 @@ mapped_pages: # Combine data from multiple indices with `ENRICH` [esql-enrich-data] -The {{esql}} [`ENRICH`](/reference/query-languages/esql/commands/processing-commands.md#esql-enrich) processing command combines, at query-time, data from one or more source indexes with field-value combinations found in {{es}} enrich indexes. +The {{esql}} [`ENRICH`](/reference/query-languages/esql/commands/enrich.md) processing command combines, at query-time, data from one or more source indexes with field-value combinations found in {{es}} enrich indexes. For example, you can use `ENRICH` to: @@ -14,7 +14,7 @@ For example, you can use `ENRICH` to: * Add product information to retail orders based on product IDs * Supplement contact information based on an email address -[`ENRICH`](/reference/query-languages/esql/commands/processing-commands.md#esql-enrich) is similar to [`LOOKUP join`](/reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) in the fact that they both help you join data together. You should use `ENRICH` when: +[`ENRICH`](/reference/query-languages/esql/commands/enrich.md) is similar to [`LOOKUP join`](/reference/query-languages/esql/commands/lookup-join.md) in the fact that they both help you join data together. You should use `ENRICH` when: * Enrichment data doesn't change frequently * You can accept index-time overhead @@ -125,7 +125,7 @@ Once the enrich policy is created, you need to execute it using the [execute enr The *enrich index* contains documents from the policy’s source indices. Enrich indices always begin with `.enrich-*`, are read-only, and are [force merged](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-forcemerge). ::::{warning} -Enrich indices should only be used by the [enrich processor](/reference/enrich-processor/enrich-processor.md) or the [{{esql}} `ENRICH` command](/reference/query-languages/esql/commands/processing-commands.md#esql-enrich). Avoid using enrich indices for other purposes. +Enrich indices should only be used by the [enrich processor](/reference/enrich-processor/enrich-processor.md) or the [{{esql}} `ENRICH` command](/reference/query-languages/esql/commands/enrich.md). Avoid using enrich indices for other purposes. :::: @@ -133,7 +133,7 @@ Enrich indices should only be used by the [enrich processor](/reference/enrich-p ### Use the enrich policy [esql-use-enrich] -After the policy has been executed, you can use the [`ENRICH` command](/reference/query-languages/esql/commands/processing-commands.md#esql-enrich) to enrich your data. +After the policy has been executed, you can use the [`ENRICH` command](/reference/query-languages/esql/commands/enrich.md) to enrich your data. :::{image} ../images/esql-enrich-command.png :alt: esql enrich command diff --git a/docs/reference/query-languages/esql/esql-lookup-join.md b/docs/reference/query-languages/esql/esql-lookup-join.md index 826de488e5897..ce85bbedc12fa 100644 --- a/docs/reference/query-languages/esql/esql-lookup-join.md +++ b/docs/reference/query-languages/esql/esql-lookup-join.md @@ -6,7 +6,7 @@ mapped_pages: # Join data from multiple indices with `LOOKUP JOIN` [esql-lookup-join-reference] -The {{esql}} [`LOOKUP JOIN`](/reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) processing command combines data from your {{esql}} query results table with matching records from a specified lookup index. It adds fields from the lookup index as new columns to your results table based on matching values in the join field. +The {{esql}} [`LOOKUP JOIN`](/reference/query-languages/esql/commands/lookup-join.md) processing command combines data from your {{esql}} query results table with matching records from a specified lookup index. It adds fields from the lookup index as new columns to your results table based on matching values in the join field. Teams often have data scattered across multiple indices – like logs, IPs, user IDs, hosts, employees etc. Without a direct way to enrich or correlate each event with reference data, root-cause analysis, security checks, and operational insights become time-consuming. @@ -18,7 +18,7 @@ For example, you can use `LOOKUP JOIN` to: ## Compare with `ENRICH` -[`LOOKUP JOIN`](/reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) is similar to [`ENRICH`](/reference/query-languages/esql/commands/processing-commands.md#esql-enrich) in the fact that they both help you join data together. You should use `LOOKUP JOIN` when: +[`LOOKUP JOIN`](/reference/query-languages/esql/commands/lookup-join.md) is similar to [`ENRICH`](/reference/query-languages/esql/commands/enrich.md) in the fact that they both help you join data together. You should use `LOOKUP JOIN` when: * Your enrichment data changes frequently * You want to avoid index-time processing @@ -138,7 +138,7 @@ A successful query will output a table. In this example, you can see that the `s ### Additional examples -Refer to the examples section of the [`LOOKUP JOIN`](/reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) command reference for more examples. +Refer to the examples section of the [`LOOKUP JOIN`](/reference/query-languages/esql/commands/lookup-join.md) command reference for more examples. ## Prerequisites [esql-lookup-join-prereqs] @@ -172,7 +172,7 @@ In addition to the [{{esql}} unsupported field types](/reference/query-languages * Temporal intervals like `DURATION`, `PERIOD` ```{note} -For a complete list of all types supported in `LOOKUP JOIN`, refer to the [`LOOKUP JOIN` supported types table](/reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join). +For a complete list of all types supported in `LOOKUP JOIN`, refer to the [`LOOKUP JOIN` supported types table](/reference/query-languages/esql/commands/lookup-join.md). ``` ## Usage notes diff --git a/docs/reference/query-languages/esql/esql-metadata-fields.md b/docs/reference/query-languages/esql/esql-metadata-fields.md index 0dd5f5db941f6..b75b35680ce93 100644 --- a/docs/reference/query-languages/esql/esql-metadata-fields.md +++ b/docs/reference/query-languages/esql/esql-metadata-fields.md @@ -8,7 +8,7 @@ mapped_pages: {{esql}} can access [metadata fields](/reference/elasticsearch/mapping-reference/document-metadata-fields.md). -To access these fields, use the `METADATA` directive with the [`FROM`](/reference/query-languages/esql/commands/source-commands.md#esql-from) source command. For example: +To access these fields, use the `METADATA` directive with the [`FROM`](/reference/query-languages/esql/commands/from.md) source command. For example: ```esql FROM index METADATA _index, _id diff --git a/docs/reference/query-languages/esql/esql-process-data-with-dissect-grok.md b/docs/reference/query-languages/esql/esql-process-data-with-dissect-grok.md index ee4edeb7f91e1..178fb3a28a206 100644 --- a/docs/reference/query-languages/esql/esql-process-data-with-dissect-grok.md +++ b/docs/reference/query-languages/esql/esql-process-data-with-dissect-grok.md @@ -13,7 +13,7 @@ Your data may contain unstructured strings that you want to structure. This make :alt: unstructured data ::: -{{es}} can structure your data at index time or query time. At index time, you can use the [Dissect](/reference/enrich-processor/dissect-processor.md) and [Grok](/reference/enrich-processor/grok-processor.md) ingest processors, or the {{ls}} [Dissect](logstash-docs-md://lsr//plugins-filters-dissect.md) and [Grok](logstash-docs-md://lsr//plugins-filters-grok.md) filters. At query time, you can use the {{esql}} [`DISSECT`](/reference/query-languages/esql/commands/processing-commands.md#esql-dissect) and [`GROK`](/reference/query-languages/esql/commands/processing-commands.md#esql-grok) commands. +{{es}} can structure your data at index time or query time. At index time, you can use the [Dissect](/reference/enrich-processor/dissect-processor.md) and [Grok](/reference/enrich-processor/grok-processor.md) ingest processors, or the {{ls}} [Dissect](logstash-docs-md://lsr//plugins-filters-dissect.md) and [Grok](logstash-docs-md://lsr//plugins-filters-grok.md) filters. At query time, you can use the {{esql}} [`DISSECT`](/reference/query-languages/esql/commands/dissect.md) and [`GROK`](/reference/query-languages/esql/commands/grok.md) commands. ## `DISSECT` or `GROK`? Or both? [esql-grok-or-dissect] @@ -24,7 +24,7 @@ You can use both `DISSECT` and `GROK` for hybrid use cases. For example when a s ## Process data with `DISSECT` [esql-process-data-with-dissect] -The [`DISSECT`](/reference/query-languages/esql/commands/processing-commands.md#esql-dissect) processing command matches a string against a delimiter-based pattern, and extracts the specified keys as columns. +The [`DISSECT`](/reference/query-languages/esql/commands/dissect.md) processing command matches a string against a delimiter-based pattern, and extracts the specified keys as columns. For example, the following pattern: @@ -206,7 +206,7 @@ The `DISSECT` command does not support reference keys. ## Process data with `GROK` [esql-process-data-with-grok] -The [`GROK`](/reference/query-languages/esql/commands/processing-commands.md#esql-grok) processing command matches a string against a pattern based on regular expressions, and extracts the specified keys as columns. +The [`GROK`](/reference/query-languages/esql/commands/grok.md) processing command matches a string against a pattern based on regular expressions, and extracts the specified keys as columns. For example, the following pattern: diff --git a/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md b/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md index d954260eb8f44..04858c66a0390 100644 --- a/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md +++ b/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md @@ -7,7 +7,7 @@ mapped_pages: # {{esql}} aggregation functions [esql-aggregation-functions] -The [`STATS`](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) command supports these aggregate functions: +The [`STATS`](/reference/query-languages/esql/commands/stats-by.md) command supports these aggregate functions: :::{include} ../_snippets/lists/aggregation-functions.md ::: diff --git a/docs/reference/query-languages/esql/functions-operators/grouping-functions.md b/docs/reference/query-languages/esql/functions-operators/grouping-functions.md index dab4fc1cc46e2..7cd02febec968 100644 --- a/docs/reference/query-languages/esql/functions-operators/grouping-functions.md +++ b/docs/reference/query-languages/esql/functions-operators/grouping-functions.md @@ -7,7 +7,7 @@ mapped_pages: # {{esql}} grouping functions [esql-group-functions] -The [`STATS`](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) command supports these grouping functions: +The [`STATS`](/reference/query-languages/esql/commands/stats-by.md) command supports these grouping functions: :::{include} ../_snippets/lists/grouping-functions.md ::: diff --git a/docs/reference/query-languages/esql/limitations.md b/docs/reference/query-languages/esql/limitations.md index 5f4417aa78e98..df248faa36466 100644 --- a/docs/reference/query-languages/esql/limitations.md +++ b/docs/reference/query-languages/esql/limitations.md @@ -8,7 +8,7 @@ mapped_pages: ## Result set size limit [esql-max-rows] -By default, an {{esql}} query returns up to 1,000 rows. You can increase the number of rows up to 10,000 using the [`LIMIT`](/reference/query-languages/esql/commands/processing-commands.md#esql-limit) command. +By default, an {{esql}} query returns up to 1,000 rows. You can increase the number of rows up to 10,000 using the [`LIMIT`](/reference/query-languages/esql/commands/limit.md) command. :::{include} _snippets/common/result-set-size-limitation.md ::: @@ -85,7 +85,7 @@ Querying a column with an unsupported type returns an error. If a column with an Some [field types](/reference/elasticsearch/mapping-reference/field-data-types.md) are not supported in all contexts: -* Spatial types are not supported in the [SORT](/reference/query-languages/esql/commands/processing-commands.md#esql-sort) processing command. Specifying a column of one of these types as a sort parameter will result in an error: +* Spatial types are not supported in the [SORT](/reference/query-languages/esql/commands/sort.md) processing command. Specifying a column of one of these types as a sort parameter will result in an error: * `geo_point` * `geo_shape` @@ -104,8 +104,8 @@ In addition, when [querying multiple indexes](docs-content://explore-analyze/que One limitation of [full-text search](/reference/query-languages/esql/functions-operators/search-functions.md) is that it is necessary to use the search function, like [`MATCH`](/reference/query-languages/esql/functions-operators/search-functions.md#esql-match), -in a [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) command directly after the -[`FROM`](/reference/query-languages/esql/commands/source-commands.md#esql-from) source command, or close enough to it. +in a [`WHERE`](/reference/query-languages/esql/commands/where.md) command directly after the +[`FROM`](/reference/query-languages/esql/commands/from.md) source command, or close enough to it. Otherwise, the query will fail with a validation error. For example, this query is valid: @@ -115,7 +115,7 @@ FROM books | WHERE MATCH(author, "Faulkner") AND MATCH(author, "Tolkien") ``` -But this query will fail due to the [STATS](/reference/query-languages/esql/commands/processing-commands.md#esql-stats-by) command: +But this query will fail due to the [STATS](/reference/query-languages/esql/commands/stats-by.md) command: ```esql FROM books @@ -179,7 +179,7 @@ Or consider using one of the [full-text search](/reference/query-languages/esql/ As discussed in more detail in [Using {{esql}} to query multiple indices](docs-content://explore-analyze/query-filter/languages/esql-multi-index.md), {{esql}} can execute a single query across multiple indices, data streams, or aliases. However, there are some limitations to be aware of: -* All underlying indexes and shards must be active. Using admin commands or UI, it is possible to pause an index or shard, for example by disabling a frozen tier instance, but then any {{esql}} query that includes that index or shard will fail, even if the query uses [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) to filter out the results from the paused index. If you see an error of type `search_phase_execution_exception`, with the message `Search rejected due to missing shards`, you likely have an index or shard in `UNASSIGNED` state. +* All underlying indexes and shards must be active. Using admin commands or UI, it is possible to pause an index or shard, for example by disabling a frozen tier instance, but then any {{esql}} query that includes that index or shard will fail, even if the query uses [`WHERE`](/reference/query-languages/esql/commands/where.md) to filter out the results from the paused index. If you see an error of type `search_phase_execution_exception`, with the message `Search rejected due to missing shards`, you likely have an index or shard in `UNASSIGNED` state. * The same field must have the same type across all indexes. If the same field is mapped to different types it is still possible to query the indexes, but the field must be [explicitly converted to a single type](docs-content://explore-analyze/query-filter/languages/esql-multi-index.md#esql-multi-index-union-types). @@ -244,11 +244,11 @@ Work around this limitation by converting the field to single value with one of ## Kibana limitations [esql-limitations-kibana] -* The user interface to filter data is not enabled when Discover is in {{esql}} mode. To filter data, write a query that uses the [`WHERE`](/reference/query-languages/esql/commands/processing-commands.md#esql-where) command instead. +* The user interface to filter data is not enabled when Discover is in {{esql}} mode. To filter data, write a query that uses the [`WHERE`](/reference/query-languages/esql/commands/where.md) command instead. * Discover shows no more than 10,000 rows. This limit only applies to the number of rows that are retrieved by the query and displayed in Discover. Queries and aggregations run on the full data set. * Discover shows no more than 50 columns. If a query returns more than 50 columns, Discover only shows the first 50. * CSV export from Discover shows no more than 10,000 rows. This limit only applies to the number of rows that are retrieved by the query and displayed in Discover. Queries and aggregations run on the full data set. -* Querying many indices at once without any filters can cause an error in kibana which looks like `[esql] > Unexpected error from Elasticsearch: The content length (536885793) is bigger than the maximum allowed string (536870888)`. The response from {{esql}} is too long. Use [`DROP`](/reference/query-languages/esql/commands/processing-commands.md#esql-drop) or [`KEEP`](/reference/query-languages/esql/commands/processing-commands.md#esql-keep) to limit the number of fields returned. +* Querying many indices at once without any filters can cause an error in kibana which looks like `[esql] > Unexpected error from Elasticsearch: The content length (536885793) is bigger than the maximum allowed string (536870888)`. The response from {{esql}} is too long. Use [`DROP`](/reference/query-languages/esql/commands/drop.md) or [`KEEP`](/reference/query-languages/esql/commands/keep.md) to limit the number of fields returned. ## Known issues [esql-known-issues] diff --git a/docs/reference/query-languages/toc.yml b/docs/reference/query-languages/toc.yml index 6ecc4d08d81b9..f285d5421344d 100644 --- a/docs/reference/query-languages/toc.yml +++ b/docs/reference/query-languages/toc.yml @@ -90,7 +90,30 @@ toc: - file: esql/esql-commands.md children: - file: esql/commands/source-commands.md + children: + - file: esql/commands/from.md + - file: esql/commands/row.md + - file: esql/commands/show.md - file: esql/commands/processing-commands.md + children: + - file: esql/commands/change-point.md + - file: esql/commands/completion.md + - file: esql/commands/dissect.md + - file: esql/commands/drop.md + - file: esql/commands/enrich.md + - file: esql/commands/eval.md + - file: esql/commands/fork.md + - file: esql/commands/grok.md + - file: esql/commands/keep.md + - file: esql/commands/limit.md + - file: esql/commands/lookup-join.md + - file: esql/commands/mv_expand.md + - file: esql/commands/rename.md + - file: esql/commands/rerank.md + - file: esql/commands/sample.md + - file: esql/commands/sort.md + - file: esql/commands/stats-by.md + - file: esql/commands/where.md - file: esql/esql-functions-operators.md children: - file: esql/functions-operators/aggregation-functions.md diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Count.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Count.java index aef221ab6a7e9..4fbe6f22a784f 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Count.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Count.java @@ -55,7 +55,7 @@ public class Count extends AggregateFunction implements ToAggregator, SurrogateE ), @Example( description = "To count the number of times an expression returns `TRUE` use " - + "a <> command to remove rows that shouldn’t be included", + + "a [`WHERE`](/reference/query-languages/esql/commands/where.md) command to remove rows that shouldn’t be included", file = "stats", tag = "count-where" ), diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/grouping/Bucket.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/grouping/Bucket.java index bb6633686fc7c..9b3cf7d2f683f 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/grouping/Bucket.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/grouping/Bucket.java @@ -135,7 +135,7 @@ another in which the bucket size is provided directly (two parameters). ::::{note} `BUCKET` does not filter any rows. It only uses the provided range to pick a good bucket size. For rows with a value outside of the range, it returns a bucket value that corresponds to a bucket outside the range. - Combine `BUCKET` with <> to filter rows. + Combine `BUCKET` with [`WHERE`](/reference/query-languages/esql/commands/where.md) to filter rows. ::::""" ), @Example(description = """ @@ -169,7 +169,7 @@ another in which the bucket size is provided directly (two parameters). @Example( description = """ `BUCKET` may be used in both the aggregating and grouping part of the - <> command provided that in the aggregating + [STATS ... BY ...](/reference/query-languages/esql/commands/stats-by.md) command provided that in the aggregating part the function is referenced by an alias defined in the grouping part, or that it is invoked with the exact same expression:""", file = "bucket", diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/date/DateTrunc.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/date/DateTrunc.java index 6981c8e3b9d82..fc59d3471863c 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/date/DateTrunc.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/date/DateTrunc.java @@ -67,8 +67,9 @@ public interface DateTruncFactoryProvider { examples = { @Example(file = "date", tag = "docsDateTrunc"), @Example( - description = "Combine `DATE_TRUNC` with <> to create date histograms. For\n" - + "example, the number of hires per year:", + description = "Combine `DATE_TRUNC` with [`STATS`](/reference/query-languages/esql/commands/stats-by.md) " + + "to create date histograms. " + + "For example, the number of hires per year:", file = "date", tag = "docsDateTruncHistogram" ), From c7e0d8f5033da2f37c0c1c34cff05c298cb70d6d Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 19 Aug 2025 17:39:56 +0200 Subject: [PATCH 2/4] delete rerank.md from toc.yml --- docs/reference/query-languages/toc.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reference/query-languages/toc.yml b/docs/reference/query-languages/toc.yml index f285d5421344d..4c00755607e65 100644 --- a/docs/reference/query-languages/toc.yml +++ b/docs/reference/query-languages/toc.yml @@ -109,7 +109,6 @@ toc: - file: esql/commands/lookup-join.md - file: esql/commands/mv_expand.md - file: esql/commands/rename.md - - file: esql/commands/rerank.md - file: esql/commands/sample.md - file: esql/commands/sort.md - file: esql/commands/stats-by.md From 43a55ea5f52b422d75a3041054c4b6ab626ecbc5 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 19 Aug 2025 17:48:06 +0200 Subject: [PATCH 3/4] Delete rerank.md --- docs/reference/query-languages/esql/commands/rerank.md | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 docs/reference/query-languages/esql/commands/rerank.md diff --git a/docs/reference/query-languages/esql/commands/rerank.md b/docs/reference/query-languages/esql/commands/rerank.md deleted file mode 100644 index d1d5b3251842c..0000000000000 --- a/docs/reference/query-languages/esql/commands/rerank.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -navigation_title: "RERANK" -mapped_pages: - - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-rerank ---- - -# `RERANK` [esql-rerank] - -:::{include} ../_snippets/commands/layout/rerank.md -::: From 6378094d88febe2635401f2bc4957cbca8cec008 Mon Sep 17 00:00:00 2001 From: Liam Thompson Date: Tue, 19 Aug 2025 17:49:01 +0200 Subject: [PATCH 4/4] delete rerank redirect --- docs/redirects.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/redirects.yml b/docs/redirects.yml index 646937892e06a..d8e62f9a121e4 100644 --- a/docs/redirects.yml +++ b/docs/redirects.yml @@ -76,8 +76,6 @@ redirects: anchors: {'esql-mv_expand'} - to: 'reference/query-languages/esql/commands/rename.md' anchors: {'esql-rename'} - - to: 'reference/query-languages/esql/commands/rerank.md' - anchors: {'esql-rerank'} - to: 'reference/query-languages/esql/commands/sample.md' anchors: {'esql-sample'} - to: 'reference/query-languages/esql/commands/sort.md' @@ -85,4 +83,4 @@ redirects: - to: 'reference/query-languages/esql/commands/stats-by.md' anchors: {'esql-stats-by'} - to: 'reference/query-languages/esql/commands/where.md' - anchors: {'esql-where'} \ No newline at end of file + anchors: {'esql-where'}