Skip to content

ESQL Fix bug when renaming @timestamp in TS queries #136062

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

ESQL Fix bug when renaming @timestamp in TS queries #136062

wants to merge 8 commits into from
+390 −21

Conversation

not-napoleon
Copy link
Member

Resolves #134994

This PR addresses the issue with queries like

TS k8s
| RENAME `@timestamp` AS newTs 
| STATS maxRate = max(rate(network.total_cost))  BY time_bucket = bucket(newTs, 1hour)

Here, the rate aggregation function has an implied argument of @timestamp, but that field no longer exists when we get to the to the stats command. To solve this, we introduce a new specialization to the ResolveRefs rule that finds the timestamp alias and plumbs it into the TimeSeriesAggregation. In addition to fixing the references for the implied arguments, it also sends the reference on as part of the TimeSeriesAggregation for other use in the TranslateTimeSeriesAggregate rule.

@not-napoleon not-napoleon added >bug :StorageEngine/ES|QL Timeseries / metrics / logsdb capabilities in ES|QL v9.3.0 labels Oct 6, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-storage-engine (Team:StorageEngine)

@elasticsearchmachine
Copy link
Collaborator

Hi @not-napoleon, I've created a changelog YAML for you.

@not-napoleon not-napoleon requested a review from dnhatn October 6, 2025 21:52
not-napoleon
not-napoleon commented Oct 6, 2025
View reviewed changes
.../java/org/elasticsearch/xpack/esql/optimizer/rules/logical/TranslateTimeSeriesAggregate.java
}
if (attr.name().equals(MetadataAttribute.TIMESTAMP_FIELD)) {
timestamp.set(attr);
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I consider it a happy bonus of this PR that we are no longer fishing out the timestamp as part of the translate rule. I wonder if we should do something similar for the TSID. It just seems wrong to be doing this here.

not-napoleon
not-napoleon commented Oct 6, 2025
View reviewed changes
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/plan/QueryPlan.java
* @param typeToken Only process expressions matching the given type
* @param rule a non-modifying consumer which operates on the given token type
* @param <E> the type of expression this pass will process
*/
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to ask @fang-xing-esql how this worked, so I've written down what I learned from that conversation.

not-napoleon
not-napoleon commented Oct 6, 2025
View reviewed changes
...st/java/org/elasticsearch/xpack/esql/plan/logical/TimeSeriesAggregateSerializationTests.java
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't add a randomized timestamp to the serialization tests because I expect that it won't be serialized.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex-spies alex-spies Awaiting requested review from alex-spies

@dnhatn dnhatn Awaiting requested review from dnhatn

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
>bug :StorageEngine/ES|QL Timeseries / metrics / logsdb capabilities in ES|QL Team:StorageEngine v9.3.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ES|QL] TS Command: Can't rename timestamp field
2 participants
@not-napoleon @elasticsearchmachine