diff --git a/docs/reference/query-languages/esql/_snippets/commands/layout/ts.md b/docs/reference/query-languages/esql/_snippets/commands/layout/ts.md index 2b8b8c0925387..d777d77d6523c 100644 --- a/docs/reference/query-languages/esql/_snippets/commands/layout/ts.md +++ b/docs/reference/query-languages/esql/_snippets/commands/layout/ts.md @@ -1,12 +1,16 @@ ```yaml {applies_to} -serverless: ga -stack: ga +serverless: preview +stack: preview 9.2.0 ``` -The `TS` command is similar to the `FROM` source command, -but with two key differences: it targets only [time-series indices](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md) -and enables the use of time-series aggregation functions -with the [STATS](/reference/query-languages/esql/commands/stats-by.md) command. +**Brief description** + +The `TS` source command is similar to the [`FROM`](/reference/query-languages/esql/commands/from.md) +source command, with the following key differences: + + - Targets only [time series indices](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md) + - Enables the use of [time series aggregation functions](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md) inside the + [STATS](/reference/query-languages/esql/commands/stats-by.md) command **Syntax** @@ -22,10 +26,92 @@ TS index_pattern [METADATA fields] `fields` : A comma-separated list of [metadata fields](/reference/query-languages/esql/esql-metadata-fields.md) to retrieve. +**Description** + +The `TS` source command enables time series semantics and adds support for +[time series aggregation functions](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md) to the `STATS` command, such as +[`AVG_OVER_TIME()`](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md#esql-avg_over_time), +or [`RATE`](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md#esql-rate). +These functions are implicitly evaluated per time series, then aggregated by group using a secondary aggregation +function. For example: + +```esql +TS metrics + | WHERE @timestamp >= now() - 1 hour + | STATS SUM(RATE(search_requests)) BY TBUCKET(1 hour), host +``` + +This query calculates the total rate of search requests (tracked by the `search_requests` counter) per host and hour. The `RATE()` +function is applied per time series in hourly buckets. These rates are summed for each +host and hourly bucket (since each host can map to multiple time series). + +This paradigm—a pair of aggregation functions—is standard for time series +querying. For supported inner (time series) functions per +[metric type](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric), refer to +[](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md). These functions also +apply to downsampled data, with the same semantics as for raw data. + +::::{note} +If a query is missing an inner (time series) aggregation function, +[`LAST_OVER_TIME()`](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md#esql-last_over_time) +is assumed and used implicitly. For instance, the following two queries are +equivalent, returning the average of the last memory usage values per time series: + +```esql +TS metrics | STATS AVG(memory_usage) + +TS metrics | STATS AVG(LAST_OVER_TIME(memory_usage)) +``` + +To calculate the average memory usage across per-time-series averages, use +the following query: + +```esql +TS metrics | STATS AVG(AVG_OVER_TIME(memory_usage)) +``` +:::: + +Use regular (non-time-series) +[aggregation functions](/reference/query-languages/esql/functions-operators/aggregation-functions.md), +such as `SUM()`, as outer aggregation functions. Using a time series aggregation +in combination with an inner function causes an error. For example, the +following query is invalid: + +```esql +TS metrics | STATS AVG_OVER_TIME(RATE(memory_usage)) +``` + +::::{note} +A [time series](/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md) +aggregation function must be wrapped inside a +[regular](/reference/query-languages/esql/functions-operators/aggregation-functions.md) +aggregation function. For instance, the following query is invalid: + +```esql +TS metrics | STATS RATE(search_requests) +``` +:::: + +**Best practices** + +- Avoid aggregating multiple metrics in the same query when those metrics have different dimensional cardinalities. + For example, in `STATS max(rate(foo)) + rate(bar))`, if `foo` and `bar` don't share the same dimension values, the rate + for one metric will be null for some dimension combinations. Because the + operator returns null when either input + is null, the entire result becomes null for those dimensions. Additionally, queries that aggregate a single metric + can filter out null values more efficiently. +- Use the `TS` command for aggregations on time series data, rather than `FROM`. The `FROM` command is still available + (for example, for listing document contents), but it's not optimized for procesing time series data and may produce + unexpected results. +- The `TS` command can't be combined with certain operations (such as + [`FORK`](/reference/query-languages/esql/commands/fork.md)) before the `STATS` command is applied. Once `STATS` is + applied, you can process the tabular output with any applicable ES|QL operations. +- Add a time range filter on `@timestamp` to limit the data volume scanned and improve query performance. + **Examples** ```esql TS metrics -| STATS sum(last_over_time(memory_usage)) +| WHERE @timestamp >= now() - 1 day +| STATS SUM(AVG_OVER_TIME(memory_usage)) BY host, TBUCKET(1 hour) ``` diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/absent_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/absent_over_time.md index ea9194a48a5ee..7c842355f6dec 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/absent_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/absent_over_time.md @@ -2,10 +2,5 @@ **Description** -The absence of a field in the output result over time range. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the absence of a field in the output result over time range. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/avg_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/avg_over_time.md index b293e49503baf..7914e085fa9dc 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/avg_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/avg_over_time.md @@ -2,10 +2,5 @@ **Description** -The average over time of a numeric field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the average over time of a numeric field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/count_distinct_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/count_distinct_over_time.md index 19aa75066abfc..733fd2be64f74 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/count_distinct_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/count_distinct_over_time.md @@ -2,10 +2,5 @@ **Description** -The count of distinct values over time for a field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the count of distinct values over time for a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/count_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/count_over_time.md index 9eac8f6e5e827..af86e7d7ba102 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/count_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/count_over_time.md @@ -2,10 +2,5 @@ **Description** -The count over time value of a field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the count over time value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/first.md b/docs/reference/query-languages/esql/_snippets/functions/description/first.md index c0e07fd848d6f..10d86eb79e5e6 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/first.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/first.md @@ -2,5 +2,5 @@ **Description** -The earliest value of a field. +Calculates the earliest value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/first_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/first_over_time.md index dac86dc9e17f5..067e3125c1de8 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/first_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/first_over_time.md @@ -2,10 +2,5 @@ **Description** -The earliest value of a field, where recency determined by the `@timestamp` field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the earliest value of a field, where recency determined by the `@timestamp` field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/last.md b/docs/reference/query-languages/esql/_snippets/functions/description/last.md index 23449350e80d9..3eb340518235b 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/last.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/last.md @@ -2,5 +2,5 @@ **Description** -The latest value of a field. +Calculates the latest value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/last_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/last_over_time.md index f08366826660b..a5bc196ddbae9 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/last_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/last_over_time.md @@ -2,10 +2,5 @@ **Description** -The latest value of a field, where recency determined by the `@timestamp` field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the latest value of a field, where recency determined by the `@timestamp` field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/max_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/max_over_time.md index 7d4b1f64c317e..7cf0a2c32b265 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/max_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/max_over_time.md @@ -2,10 +2,5 @@ **Description** -The maximum over time value of a field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the maximum over time value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/min_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/min_over_time.md index 7de9744749022..869cfca591b3d 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/min_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/min_over_time.md @@ -2,10 +2,5 @@ **Description** -The minimum over time value of a field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the minimum over time value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/present_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/present_over_time.md index 9a4d5cabcc704..a4a0c4b21702b 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/present_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/present_over_time.md @@ -2,10 +2,5 @@ **Description** -The presence of a field in the output result over time range. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the presence of a field in the output result over time range. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/rate.md b/docs/reference/query-languages/esql/_snippets/functions/description/rate.md index 221d1ba191433..0de1312951f82 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/rate.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/rate.md @@ -2,10 +2,5 @@ **Description** -The rate of a counter field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command -:::: - +Calculates the rate of a counter field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/description/sum_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/description/sum_over_time.md index 4a41cb109c9ac..15fbd28330f0c 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/description/sum_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/description/sum_over_time.md @@ -2,10 +2,5 @@ **Description** -The sum over time value of a field. - -::::{note} -Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds -:::: - +Calculates the sum over time value of a field. diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/absent_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/absent_over_time.md index d36fdaad4ce44..38d6822dab0b6 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/absent_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/absent_over_time.md @@ -2,7 +2,7 @@ ## `ABSENT_OVER_TIME` [esql-absent_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/avg_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/avg_over_time.md index f650d9c86c907..88acfef1f7f5d 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/avg_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/avg_over_time.md @@ -2,7 +2,7 @@ ## `AVG_OVER_TIME` [esql-avg_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/count_distinct_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/count_distinct_over_time.md index 4a25ebedeac38..2bc1e286cab68 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/count_distinct_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/count_distinct_over_time.md @@ -2,7 +2,7 @@ ## `COUNT_DISTINCT_OVER_TIME` [esql-count_distinct_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/count_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/count_over_time.md index 52e0d6f515544..292dff0e10e06 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/count_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/count_over_time.md @@ -2,7 +2,7 @@ ## `COUNT_OVER_TIME` [esql-count_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/first.md b/docs/reference/query-languages/esql/_snippets/functions/layout/first.md index c8324c342fc83..ef9e358866153 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/first.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/first.md @@ -2,7 +2,7 @@ ## `FIRST` [esql-first] ```{applies_to} -stack: unavailable +stack: ga 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/first_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/first_over_time.md index e39e11c3e01f0..50462fef0d1ab 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/first_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/first_over_time.md @@ -2,7 +2,7 @@ ## `FIRST_OVER_TIME` [esql-first_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/last.md b/docs/reference/query-languages/esql/_snippets/functions/layout/last.md index 319fd0cea4c4a..ac4254c526a30 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/last.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/last.md @@ -2,7 +2,7 @@ ## `LAST` [esql-last] ```{applies_to} -stack: unavailable +stack: ga 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/last_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/last_over_time.md index 49e83f336d129..0fdb3f6c06912 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/last_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/last_over_time.md @@ -2,7 +2,7 @@ ## `LAST_OVER_TIME` [esql-last_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/max_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/max_over_time.md index 28085b9533e5f..4d0732a26cded 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/max_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/max_over_time.md @@ -2,7 +2,7 @@ ## `MAX_OVER_TIME` [esql-max_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/min_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/min_over_time.md index 82d2eae67915b..3644fde260d58 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/min_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/min_over_time.md @@ -2,7 +2,7 @@ ## `MIN_OVER_TIME` [esql-min_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/present_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/present_over_time.md index 71b9b8ea596dc..04fb44bc9f672 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/present_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/present_over_time.md @@ -2,7 +2,7 @@ ## `PRESENT_OVER_TIME` [esql-present_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/rate.md b/docs/reference/query-languages/esql/_snippets/functions/layout/rate.md index fc6081fbec229..fc62158b7213a 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/rate.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/rate.md @@ -2,7 +2,7 @@ ## `RATE` [esql-rate] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/functions/layout/sum_over_time.md b/docs/reference/query-languages/esql/_snippets/functions/layout/sum_over_time.md index ac978d5dc45d6..647ff06f7181e 100644 --- a/docs/reference/query-languages/esql/_snippets/functions/layout/sum_over_time.md +++ b/docs/reference/query-languages/esql/_snippets/functions/layout/sum_over_time.md @@ -2,7 +2,7 @@ ## `SUM_OVER_TIME` [esql-sum_over_time] ```{applies_to} -stack: unavailable +stack: preview 9.2.0 ``` **Syntax** diff --git a/docs/reference/query-languages/esql/_snippets/lists/aggregation-functions.md b/docs/reference/query-languages/esql/_snippets/lists/aggregation-functions.md index adede5d68a6ca..f9b6e100ad4f9 100644 --- a/docs/reference/query-languages/esql/_snippets/lists/aggregation-functions.md +++ b/docs/reference/query-languages/esql/_snippets/lists/aggregation-functions.md @@ -1,11 +1,15 @@ +* [`ABSENT`](../../functions-operators/aggregation-functions.md#esql-absent) * [`AVG`](../../functions-operators/aggregation-functions.md#esql-avg) * [`COUNT`](../../functions-operators/aggregation-functions.md#esql-count) * [`COUNT_DISTINCT`](../../functions-operators/aggregation-functions.md#esql-count_distinct) +* [`FIRST`](../../functions-operators/aggregation-functions.md#esql-first) +* [`LAST`](../../functions-operators/aggregation-functions.md#esql-last) * [`MAX`](../../functions-operators/aggregation-functions.md#esql-max) * [`MEDIAN`](../../functions-operators/aggregation-functions.md#esql-median) * [`MEDIAN_ABSOLUTE_DEVIATION`](../../functions-operators/aggregation-functions.md#esql-median_absolute_deviation) * [`MIN`](../../functions-operators/aggregation-functions.md#esql-min) * [`PERCENTILE`](../../functions-operators/aggregation-functions.md#esql-percentile) +* [`PRESENT`](../../functions-operators/aggregation-functions.md#esql-present) * [`SAMPLE`](../../functions-operators/aggregation-functions.md#esql-sample) * {applies_to}`stack: preview` {applies_to}`serverless: preview` [`ST_CENTROID_AGG`](../../functions-operators/aggregation-functions.md#esql-st_centroid_agg) * [{applies_to}`stack: preview` {applies_to}`serverless: preview` [`ST_EXTENT_AGG`](../../functions-operators/aggregation-functions.md#esql-st_extent_agg) @@ -14,4 +18,3 @@ * [`TOP`](../../functions-operators/aggregation-functions.md#esql-top) * {applies_to}`stack: preview` {applies_to}`serverless: preview` [`VALUES`](../../functions-operators/aggregation-functions.md#esql-values) * [`WEIGHTED_AVG`](../../functions-operators/aggregation-functions.md#esql-weighted_avg) -* [`PRESENT`](../../functions-operators/aggregation-functions.md#esql-present) diff --git a/docs/reference/query-languages/esql/_snippets/lists/source-commands.md b/docs/reference/query-languages/esql/_snippets/lists/source-commands.md index ceaa5147da7cf..3b806f15255fc 100644 --- a/docs/reference/query-languages/esql/_snippets/lists/source-commands.md +++ b/docs/reference/query-languages/esql/_snippets/lists/source-commands.md @@ -1,3 +1,4 @@ - [`FROM`](/reference/query-languages/esql/commands/from.md) - [`ROW`](/reference/query-languages/esql/commands/row.md) -- [`SHOW`](/reference/query-languages/esql/commands/show.md) \ No newline at end of file +- [`SHOW`](/reference/query-languages/esql/commands/show.md) +- [`TS`](/reference/query-languages/esql/commands/ts.md) diff --git a/docs/reference/query-languages/esql/_snippets/lists/time-series-aggregation-functions.md b/docs/reference/query-languages/esql/_snippets/lists/time-series-aggregation-functions.md new file mode 100644 index 0000000000000..17db563e9dade --- /dev/null +++ b/docs/reference/query-languages/esql/_snippets/lists/time-series-aggregation-functions.md @@ -0,0 +1,11 @@ +* [preview] [`ABSENT_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-absent_over_time) +* [preview] [`AVG_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-avg_over_time) +* [preview] [`COUNT_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-count_over_time) +* [preview] [`COUNT_DISTINCT_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-count_distinct_over_time) +* [preview] [`FIRST_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-first_over_time) +* [preview] [`LAST_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-last_over_time) +* [preview] [`MAX_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-max_over_time) +* [preview] [`MIN_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-min_over_time) +* [preview] [`PRESENT_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-present_over_time) +* [preview] [`RATE`](../../functions-operators/time-series-aggregation-functions.md#esql-rate) +* [preview] [`SUM_OVER_TIME`](../../functions-operators/time-series-aggregation-functions.md#esql-sum_over_time) diff --git a/docs/reference/query-languages/esql/commands/ts.md b/docs/reference/query-languages/esql/commands/ts.md new file mode 100644 index 0000000000000..9d2b5f7b8d17c --- /dev/null +++ b/docs/reference/query-languages/esql/commands/ts.md @@ -0,0 +1,10 @@ +--- +navigation_title: "TS" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-commands.html#esql-ts +--- + +# `TS` [esql-ts] + +:::{include} ../_snippets/commands/layout/ts.md +::: diff --git a/docs/reference/query-languages/esql/esql-functions-operators.md b/docs/reference/query-languages/esql/esql-functions-operators.md index 49f2bcabb457c..bf24c72108216 100644 --- a/docs/reference/query-languages/esql/esql-functions-operators.md +++ b/docs/reference/query-languages/esql/esql-functions-operators.md @@ -20,6 +20,12 @@ mapped_pages: ::: :::: +::::{dropdown} Time-series aggregate functions +:open: +:::{include} _snippets/lists/time-series-aggregation-functions.md +::: +:::: + ::::{dropdown} Grouping functions :open: :::{include} _snippets/lists/grouping-functions.md diff --git a/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md b/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md index 6dd1360c5458d..f0b1a6212307b 100644 --- a/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md +++ b/docs/reference/query-languages/esql/functions-operators/aggregation-functions.md @@ -16,6 +16,9 @@ The [`STATS`](/reference/query-languages/esql/commands/stats-by.md) and [`INLINE :::{include} ../_snippets/lists/aggregation-functions.md ::: +:::{include} ../_snippets/functions/layout/absent.md +::: + :::{include} ../_snippets/functions/layout/avg.md ::: @@ -25,6 +28,12 @@ The [`STATS`](/reference/query-languages/esql/commands/stats-by.md) and [`INLINE :::{include} ../_snippets/functions/layout/count_distinct.md ::: +:::{include} ../_snippets/functions/layout/first.md +::: + +:::{include} ../_snippets/functions/layout/last.md +::: + :::{include} ../_snippets/functions/layout/max.md ::: diff --git a/docs/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md b/docs/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md new file mode 100644 index 0000000000000..b3c49ff40b0ee --- /dev/null +++ b/docs/reference/query-languages/esql/functions-operators/time-series-aggregation-functions.md @@ -0,0 +1,47 @@ +--- +navigation_title: "Time series aggregation functions" +mapped_pages: + - https://www.elastic.co/guide/en/elasticsearch/reference/current/esql-functions-operators.html#esql-time-series-agg-functions +--- + +# {{esql}} time series aggregation functions [esql-time-series-aggregation-functions] + +The first [`STATS`](/reference/query-languages/esql/commands/stats-by.md) under +a [`TS`](/reference/query-languages/esql/commands/ts.md) source command +supports the following time series aggregation functions: + +:::{include} ../_snippets/lists/time-series-aggregation-functions.md +::: + +:::{include} ../_snippets/functions/layout/absent_over_time.md +::: + +:::{include} ../_snippets/functions/layout/avg_over_time.md +::: + +:::{include} ../_snippets/functions/layout/count_over_time.md +::: + +:::{include} ../_snippets/functions/layout/count_distinct_over_time.md +::: + +:::{include} ../_snippets/functions/layout/first_over_time.md +::: + +:::{include} ../_snippets/functions/layout/last_over_time.md +::: + +:::{include} ../_snippets/functions/layout/max_over_time.md +::: + +:::{include} ../_snippets/functions/layout/min_over_time.md +::: + +:::{include} ../_snippets/functions/layout/present_over_time.md +::: + +:::{include} ../_snippets/functions/layout/rate.md +::: + +:::{include} ../_snippets/functions/layout/sum_over_time.md +::: diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/absent_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/absent_over_time.json index b520b01efe4d6..879918c653dda 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/absent_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/absent_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "absent_over_time", - "description" : "The absence of a field in the output result over time range.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the absence of a field in the output result over time range.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/avg_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/avg_over_time.json index 1caacba2f190a..5f449bb6459f5 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/avg_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/avg_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "avg_over_time", - "description" : "The average over time of a numeric field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the average over time of a numeric field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/count_distinct_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/count_distinct_over_time.json index c67aa8a4a47e3..fd994aa15537e 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/count_distinct_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/count_distinct_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "count_distinct_over_time", - "description" : "The count of distinct values over time for a field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the count of distinct values over time for a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/count_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/count_over_time.json index 8e1a5cd4b543d..efdc885ee1265 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/count_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/count_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "count_over_time", - "description" : "The count over time value of a field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the count over time value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/first.json b/docs/reference/query-languages/esql/kibana/definition/functions/first.json index 336afa2f43a2b..b62e50fc9c52b 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/first.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/first.json @@ -2,7 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "agg", "name" : "first", - "description" : "The earliest value of a field.", + "description" : "Calculates the earliest value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/first_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/first_over_time.json index 52ec116d2b50e..052b2a65e223c 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/first_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/first_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "first_over_time", - "description" : "The earliest value of a field, where recency determined by the `@timestamp` field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the earliest value of a field, where recency determined by the `@timestamp` field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/last.json b/docs/reference/query-languages/esql/kibana/definition/functions/last.json index 2525423825096..bda91801cd95c 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/last.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/last.json @@ -2,7 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "agg", "name" : "last", - "description" : "The latest value of a field.", + "description" : "Calculates the latest value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/last_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/last_over_time.json index 53a817f0f00a1..0c732d51ea66b 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/last_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/last_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "last_over_time", - "description" : "The latest value of a field, where recency determined by the `@timestamp` field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the latest value of a field, where recency determined by the `@timestamp` field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/max_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/max_over_time.json index cb42db1869496..340e6543a4e3f 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/max_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/max_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "max_over_time", - "description" : "The maximum over time value of a field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the maximum over time value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/min_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/min_over_time.json index 260063eaea843..ab34295c27765 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/min_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/min_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "min_over_time", - "description" : "The minimum over time value of a field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the minimum over time value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/present_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/present_over_time.json index 0c219c6500257..87a66d4a49ef5 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/present_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/present_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "present_over_time", - "description" : "The presence of a field in the output result over time range.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the presence of a field in the output result over time range.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/rate.json b/docs/reference/query-languages/esql/kibana/definition/functions/rate.json index 6c1d63c2a575f..751619fb00472 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/rate.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/rate.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "rate", - "description" : "The rate of a counter field.", - "note" : "Available with the TS command", + "description" : "Calculates the rate of a counter field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/definition/functions/sum_over_time.json b/docs/reference/query-languages/esql/kibana/definition/functions/sum_over_time.json index 008e2f60b0825..2888b2caded55 100644 --- a/docs/reference/query-languages/esql/kibana/definition/functions/sum_over_time.json +++ b/docs/reference/query-languages/esql/kibana/definition/functions/sum_over_time.json @@ -2,8 +2,7 @@ "comment" : "This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.", "type" : "time_series_agg", "name" : "sum_over_time", - "description" : "The sum over time value of a field.", - "note" : "Available with the TS command in snapshot builds", + "description" : "Calculates the sum over time value of a field.", "signatures" : [ { "params" : [ diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/absent_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/absent_over_time.md index 4774417903814..079cae1583906 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/absent_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/absent_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### ABSENT OVER TIME -The absence of a field in the output result over time range. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the absence of a field in the output result over time range. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/avg_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/avg_over_time.md index c03578920f469..54937b3322eb6 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/avg_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/avg_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### AVG OVER TIME -The average over time of a numeric field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the average over time of a numeric field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/count_distinct_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/count_distinct_over_time.md index 7e1c0ea7676ee..4d7b065a29365 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/count_distinct_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/count_distinct_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### COUNT DISTINCT OVER TIME -The count of distinct values over time for a field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the count of distinct values over time for a field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/count_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/count_over_time.md index b0396052a1b4e..2c30528cb9653 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/count_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/count_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### COUNT OVER TIME -The count over time value of a field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the count over time value of a field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/first.md b/docs/reference/query-languages/esql/kibana/docs/functions/first.md index 65e4dcb11e3d6..975639846004f 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/first.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/first.md @@ -1,7 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### FIRST -The earliest value of a field. +Calculates the earliest value of a field. ```esql FROM k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/first_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/first_over_time.md index adeaf4ba8fb79..6dace45bf6ec1 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/first_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/first_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### FIRST OVER TIME -The earliest value of a field, where recency determined by the `@timestamp` field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the earliest value of a field, where recency determined by the `@timestamp` field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/last.md b/docs/reference/query-languages/esql/kibana/docs/functions/last.md index db0e6fd8c26b5..10b225464c684 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/last.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/last.md @@ -1,7 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### LAST -The latest value of a field. +Calculates the latest value of a field. ```esql FROM k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/last_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/last_over_time.md index 2ee52fe8f15ff..7c86922ea729e 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/last_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/last_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### LAST OVER TIME -The latest value of a field, where recency determined by the `@timestamp` field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the latest value of a field, where recency determined by the `@timestamp` field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/max_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/max_over_time.md index 317f74abf2c33..c36d52de9249d 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/max_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/max_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### MAX OVER TIME -The maximum over time value of a field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the maximum over time value of a field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/min_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/min_over_time.md index d05a7b20814d4..544c02e4c78e5 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/min_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/min_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### MIN OVER TIME -The minimum over time value of a field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the minimum over time value of a field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/present_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/present_over_time.md index 319f9187727ba..d799da62ba628 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/present_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/present_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### PRESENT OVER TIME -The presence of a field in the output result over time range. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the presence of a field in the output result over time range. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/rate.md b/docs/reference/query-languages/esql/kibana/docs/functions/rate.md index 9fb248a3d7245..66cbfffb695ab 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/rate.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/rate.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### RATE -The rate of a counter field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command +Calculates the rate of a counter field. ```esql TS k8s diff --git a/docs/reference/query-languages/esql/kibana/docs/functions/sum_over_time.md b/docs/reference/query-languages/esql/kibana/docs/functions/sum_over_time.md index 66a450a278bcc..680ea0140b023 100644 --- a/docs/reference/query-languages/esql/kibana/docs/functions/sum_over_time.md +++ b/docs/reference/query-languages/esql/kibana/docs/functions/sum_over_time.md @@ -1,9 +1,7 @@ % This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it. ### SUM OVER TIME -The sum over time value of a field. - -Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command in snapshot builds +Calculates the sum over time value of a field. ```esql TS k8s diff --git a/docs/reference/query-languages/toc.yml b/docs/reference/query-languages/toc.yml index 8ded858718b00..abf53a0db99bf 100644 --- a/docs/reference/query-languages/toc.yml +++ b/docs/reference/query-languages/toc.yml @@ -97,6 +97,7 @@ toc: - file: esql/commands/from.md - file: esql/commands/row.md - file: esql/commands/show.md + - file: esql/commands/ts.md - file: esql/commands/processing-commands.md children: - file: esql/commands/change-point.md @@ -121,6 +122,7 @@ toc: - file: esql/esql-functions-operators.md children: - file: esql/functions-operators/aggregation-functions.md + - file: esql/functions-operators/time-series-aggregation-functions.md - file: esql/functions-operators/grouping-functions.md - file: esql/functions-operators/conditional-functions-and-expressions.md - file: esql/functions-operators/date-time-functions.md diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AbsentOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AbsentOverTime.java index 21fdd9bca363b..bc0e6eff72ec3 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AbsentOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AbsentOverTime.java @@ -39,9 +39,8 @@ public class AbsentOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "boolean" }, - description = "The absence of a field in the output result over time range.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the absence of a field in the output result over time range.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "absent_over_time") } ) public AbsentOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AvgOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AvgOverTime.java index 0f8c1dddafcb5..b1c92c3f6dafd 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AvgOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/AvgOverTime.java @@ -40,10 +40,9 @@ public class AvgOverTime extends TimeSeriesAggregateFunction implements Surrogat @FunctionInfo( returnType = "double", - description = "The average over time of a numeric field.", + description = "Calculates the average over time of a numeric field.", type = FunctionType.TIME_SERIES_AGGREGATE, - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "avg_over_time") } ) public AvgOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountDistinctOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountDistinctOverTime.java index 2e996085e9fc1..f1cce3c144f4f 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountDistinctOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountDistinctOverTime.java @@ -40,9 +40,8 @@ public class CountDistinctOverTime extends TimeSeriesAggregateFunction implement @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "long" }, - description = "The count of distinct values over time for a field.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the count of distinct values over time for a field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "count_distinct_over_time") } ) public CountDistinctOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountOverTime.java index 8bd46d6d52d10..c392e7438620b 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/CountOverTime.java @@ -39,9 +39,8 @@ public class CountOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "long" }, - description = "The count over time value of a field.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the count over time value of a field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "count_over_time") } ) public CountOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Delta.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Delta.java index 469530836b7df..4e1ae09f936e8 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Delta.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Delta.java @@ -44,7 +44,7 @@ public class Delta extends TimeSeriesAggregateFunction implements OptionalArgume @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "double" }, - description = "The absolute change of a gauge field in a time window.", + description = "Calculates the absolute change of a gauge field in a time window.", appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command" ) diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/First.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/First.java index fcde898f94bc1..2a9b43371b7ea 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/First.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/First.java @@ -46,8 +46,8 @@ public class First extends AggregateFunction implements ToAggregator { @FunctionInfo( type = FunctionType.AGGREGATE, returnType = { "long", "integer", "double", "keyword" }, - description = "The earliest value of a field.", - appliesTo = @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE), + description = "Calculates the earliest value of a field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.GA, version = "9.2.0") }, examples = @Example(file = "stats_first", tag = "first") ) public First( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/FirstOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/FirstOverTime.java index 1be78f157ad06..908d4bd97cc32 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/FirstOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/FirstOverTime.java @@ -51,9 +51,8 @@ public class FirstOverTime extends TimeSeriesAggregateFunction implements Option @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "long", "integer", "double" }, - description = "The earliest value of a field, where recency determined by the `@timestamp` field.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the earliest value of a field, where recency determined by the `@timestamp` field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "first_over_time") } ) public FirstOverTime(Source source, @Param(name = "field", type = { "long", "integer", "double" }) Expression field) { diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Idelta.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Idelta.java index ef095b6d8ac14..0553a265b0572 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Idelta.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Idelta.java @@ -44,11 +44,10 @@ public class Idelta extends TimeSeriesAggregateFunction implements OptionalArgum @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "double" }, - description = "The idelta of a gauge. idelta is the absolute change between the last two data points (" + description = "Calculates the idelta of a gauge. idelta is the absolute change between the last two data points (" + "it ignores all but the last two data points in each time period). " + "This function is very similar to delta, but is more responsive to recent changes.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command" + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") } ) public Idelta(Source source, @Param(name = "field", type = { "long", "integer", "double" }) Expression field) { this(source, field, new UnresolvedAttribute(source, "@timestamp")); diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Increase.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Increase.java index 2a36df8c03c90..e490ffad181ec 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Increase.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Increase.java @@ -49,9 +49,8 @@ public class Increase extends TimeSeriesAggregateFunction implements OptionalArg @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "double" }, - description = "The absolute increase of a counter field in a time window.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command" + description = "Calculates the absolute increase of a counter field in a time window.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") } ) public Increase( Source source, diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Irate.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Irate.java index 4b5da7bccbb94..2195e814e9d4a 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Irate.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Irate.java @@ -44,11 +44,10 @@ public class Irate extends TimeSeriesAggregateFunction implements OptionalArgume @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "double" }, - description = "The irate of a counter field. irate is the per-second rate of increase between the last two data points (" + description = "Calculates the irate of a counter field. irate is the per-second rate of increase between the last two data points (" + "it ignores all but the last two data points in each time period). " + "This function is very similar to rate, but is more responsive to recent changes in the rate of increase.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "irate") } ) public Irate(Source source, @Param(name = "field", type = { "counter_long", "counter_integer", "counter_double" }) Expression field) { diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Last.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Last.java index 53410a3a8a46f..bcacae6d380e9 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Last.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Last.java @@ -46,8 +46,8 @@ public class Last extends AggregateFunction implements ToAggregator { @FunctionInfo( type = FunctionType.AGGREGATE, returnType = { "long", "integer", "double", "keyword" }, - description = "The latest value of a field.", - appliesTo = @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE), + description = "Calculates the latest value of a field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.GA, version = "9.2.0") }, examples = @Example(file = "stats_last", tag = "last") ) public Last( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/LastOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/LastOverTime.java index de8d48b2ca9b8..cd4fc1f801c08 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/LastOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/LastOverTime.java @@ -51,9 +51,8 @@ public class LastOverTime extends TimeSeriesAggregateFunction implements Optiona @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "long", "integer", "double" }, - description = "The latest value of a field, where recency determined by the `@timestamp` field.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the latest value of a field, where recency determined by the `@timestamp` field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "last_over_time") } ) public LastOverTime(Source source, @Param(name = "field", type = { "long", "integer", "double" }) Expression field) { diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MaxOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MaxOverTime.java index ecda2a8c37627..5550d8709aaeb 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MaxOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MaxOverTime.java @@ -38,10 +38,9 @@ public class MaxOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( returnType = { "boolean", "double", "integer", "long", "date", "date_nanos", "ip", "keyword", "unsigned_long", "version" }, - description = "The maximum over time value of a field.", + description = "Calculates the maximum over time value of a field.", type = FunctionType.TIME_SERIES_AGGREGATE, - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "max_over_time") } ) public MaxOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MinOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MinOverTime.java index 16964c3099580..56d3f66239c93 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MinOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/MinOverTime.java @@ -38,10 +38,9 @@ public class MinOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( returnType = { "boolean", "double", "integer", "long", "date", "date_nanos", "ip", "keyword", "unsigned_long", "version" }, - description = "The minimum over time value of a field.", + description = "Calculates the minimum over time value of a field.", type = FunctionType.TIME_SERIES_AGGREGATE, - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "min_over_time") } ) public MinOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/PresentOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/PresentOverTime.java index f01b76e78cb8a..d27d172ae6dfc 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/PresentOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/PresentOverTime.java @@ -39,9 +39,8 @@ public class PresentOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "boolean" }, - description = "The presence of a field in the output result over time range.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + description = "Calculates the presence of a field in the output result over time range.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "present_over_time") } ) public PresentOverTime( diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Rate.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Rate.java index 48548429aeee9..c9e4a2eb68e15 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Rate.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/Rate.java @@ -44,9 +44,8 @@ public class Rate extends TimeSeriesAggregateFunction implements OptionalArgumen @FunctionInfo( type = FunctionType.TIME_SERIES_AGGREGATE, returnType = { "double" }, - description = "The rate of a counter field.", - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command", + description = "Calculates the rate of a counter field.", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "rate") } ) public Rate(Source source, @Param(name = "field", type = { "counter_long", "counter_integer", "counter_double" }) Expression field) { diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/SumOverTime.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/SumOverTime.java index 447b35db376df..14b125e6c7b87 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/SumOverTime.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/aggregate/SumOverTime.java @@ -38,10 +38,9 @@ public class SumOverTime extends TimeSeriesAggregateFunction { @FunctionInfo( returnType = { "double", "long" }, - description = "The sum over time value of a field.", + description = "Calculates the sum over time value of a field.", type = FunctionType.TIME_SERIES_AGGREGATE, - appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.UNAVAILABLE) }, - note = "Available with the [TS](/reference/query-languages/esql/commands/source-commands.md#esql-ts) command in snapshot builds", + appliesTo = { @FunctionAppliesTo(lifeCycle = FunctionAppliesToLifecycle.PREVIEW, version = "9.2.0") }, examples = { @Example(file = "k8s-timeseries", tag = "sum_over_time") } ) public SumOverTime(