[ES|QL] Update function metadata (#237569)

This PR updates the function definitions and inline docs based on the
latest metadata from Elasticsearch.

---------

Co-authored-by: Stratoula <[email protected]>

Author: kibanamachine

src/platform/packages/private/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx

@@ -137,6 +137,8 @@ export const functions = {
   ### COUNT DISTINCT
   Returns the approximate number of distinct values.
 
+  Note: [Counts are approximate](https://www.elastic.co/docs/reference/query-languages/esql/functions-operators/aggregation-functions#esql-agg-count-distinct-approximate).
+
   \`\`\`esql
   FROM hosts
   | STATS COUNT_DISTINCT(ip0), COUNT_DISTINCT(ip1)

src/platform/packages/private/kbn-language-documentation/src/sections/generated/scalar_functions.tsx

@@ -1087,6 +1087,36 @@ export const functions = {
       ),
     },
     // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.knn', {
+        defaultMessage: 'KNN',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate('languageDocumentation.documentationESQL.knn.markdown', {
+            defaultMessage: `
+  ### KNN
+  Finds the k nearest vectors to a query vector, as measured by a similarity metric. knn function finds nearest vectors through approximate search on indexed dense_vectors or semantic_text fields.
+
+  \`\`\`esql
+  from colors metadata _score
+  | where knn(rgb_vector, [0, 120, 0])
+  | sort _score desc, color asc
+  \`\`\`
+  `,
+            description:
+              'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+            ignoreTag: true,
+          })}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
     {
       label: i18n.translate('languageDocumentation.documentationESQL.kql', {
         defaultMessage: 'KQL',
@@ -3751,6 +3781,39 @@ export const functions = {
   ROW rad = [1.57, 3.14, 4.71]
   | EVAL deg = TO_DEGREES(rad)
   \`\`\`
+  `,
+              description:
+                'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+              ignoreTag: true,
+            }
+          )}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.to_dense_vector', {
+        defaultMessage: 'TO_DENSE_VECTOR',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate(
+            'languageDocumentation.documentationESQL.to_dense_vector.markdown',
+            {
+              defaultMessage: `
+  ### TO DENSE VECTOR
+  Converts a multi-valued input of numbers, or a hexadecimal string, to a dense_vector.
+
+  \`\`\`esql
+  row ints = [1, 2, 3]
+  | eval vector = to_dense_vector(ints)
+  | keep vector
+  \`\`\`
   `,
               description:
                 'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',

src/platform/packages/private/kbn-language-documentation/src/sections/generated/timeseries_aggregation_functions.tsx

@@ -33,7 +33,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.absent_over_time', {
         defaultMessage: 'ABSENT_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -66,7 +66,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.avg_over_time', {
         defaultMessage: 'AVG_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -98,7 +98,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.count_distinct_over_time', {
         defaultMessage: 'COUNT_DISTINCT_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -132,7 +132,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.count_over_time', {
         defaultMessage: 'COUNT_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -151,6 +151,41 @@ export const functions = {
   | STATS count=count(count_over_time(network.cost))
     BY cluster, time_bucket = bucket(@timestamp,1minute)
   \`\`\`
+  `,
+              description:
+                'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+              ignoreTag: true,
+            }
+          )}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.delta', {
+        defaultMessage: 'DELTA',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate(
+            'languageDocumentation.documentationESQL.delta.markdown',
+            {
+              defaultMessage: `
+  ### DELTA
+  Calculates the absolute change of a gauge field in a time window.
+
+  Note: Available with the [TS](https://www.elastic.co/docs/reference/query-languages/esql/commands/source-commands#esql-ts) command
+
+  \`\`\`esql
+  TS k8s
+  | WHERE pod == "one"
+  | STATS tx = sum(delta(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute)
+  \`\`\`
   `,
               description:
                 'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
@@ -165,7 +200,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.first_over_time', {
         defaultMessage: 'FIRST_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -183,6 +218,103 @@ export const functions = {
   TS k8s
   | STATS max_cost=max(first_over_time(network.cost)) BY cluster, time_bucket = bucket(@timestamp,1minute)
   \`\`\`
+  `,
+              description:
+                'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+              ignoreTag: true,
+            }
+          )}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.idelta', {
+        defaultMessage: 'IDELTA',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate(
+            'languageDocumentation.documentationESQL.idelta.markdown',
+            {
+              defaultMessage: `
+  ### IDELTA
+  Calculates the idelta of a gauge. idelta is the absolute change between the last two data points (it ignores all but the last two data points in each time period). This function is very similar to delta, but is more responsive to recent changes.
+
+  \`\`\`esql
+  TS k8s
+  | STATS events = sum(idelta(events_received)) by pod, time_bucket = bucket(@timestamp, 10minute)
+  \`\`\`
+  `,
+              description:
+                'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+              ignoreTag: true,
+            }
+          )}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.increase', {
+        defaultMessage: 'INCREASE',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate(
+            'languageDocumentation.documentationESQL.increase.markdown',
+            {
+              defaultMessage: `
+  ### INCREASE
+  Calculates the absolute increase of a counter field in a time window.
+
+  \`\`\`esql
+  TS k8s
+  | WHERE pod == "one"
+  | STATS increase_bytes_in = sum(increase(network.total_bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute)
+  \`\`\`
+  `,
+              description:
+                'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
+              ignoreTag: true,
+            }
+          )}
+        />
+      ),
+    },
+    // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
+    {
+      label: i18n.translate('languageDocumentation.documentationESQL.irate', {
+        defaultMessage: 'IRATE',
+      }),
+      preview: true,
+      license: undefined,
+      description: (
+        <Markdown
+          openLinksInNewTab
+          readOnly
+          enableSoftLineBreaks
+          markdownContent={i18n.translate(
+            'languageDocumentation.documentationESQL.irate.markdown',
+            {
+              defaultMessage: `
+  ### IRATE
+  Calculates the irate of a counter field. irate is the per-second rate of increase between the last two data points (it ignores all but the last two data points in each time period). This function is very similar to rate, but is more responsive to recent changes in the rate of increase.
+
+  \`\`\`esql
+  TS k8s | WHERE pod == "one"
+  | STATS irate_bytes_in = sum(irate(network.total_bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute)
+  \`\`\`
   `,
               description:
                 'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
@@ -197,7 +329,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.last_over_time', {
         defaultMessage: 'LAST_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -229,7 +361,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.max_over_time', {
         defaultMessage: 'MAX_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -261,7 +393,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.min_over_time', {
         defaultMessage: 'MIN_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -293,7 +425,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.present_over_time', {
         defaultMessage: 'PRESENT_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -326,7 +458,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.rate', {
         defaultMessage: 'RATE',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown
@@ -336,7 +468,7 @@ export const functions = {
           markdownContent={i18n.translate('languageDocumentation.documentationESQL.rate.markdown', {
             defaultMessage: `
   ### RATE
-  Calculates the rate of a counter field.
+  Calculates the per-second average rate of increase of a [counter](docs-content://manage-data/data-store/data-streams/time-series-data-stream-tsds.md#time-series-metric). Rate calculations account for breaks in monotonicity, such as counter resets when a service restarts, and extrapolate values within each bucketed time interval. Rate is the most appropriate aggregate function for counters. It is only allowed in a [STATS](https://www.elastic.co/docs/reference/query-languages/esql/commands/stats-by) command under a [\`TS\`](https://www.elastic.co/docs/reference/query-languages/esql/commands/ts) source command, to be properly applied per time series.
 
   \`\`\`esql
   TS k8s
@@ -355,7 +487,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.sum_over_time', {
         defaultMessage: 'SUM_OVER_TIME',
       }),
-      preview: false,
+      preview: true,
       license: undefined,
       description: (
         <Markdown

src/platform/packages/shared/kbn-esql-ast/src/commands_registry/commands/fork/autocomplete.test.ts

@@ -327,7 +327,11 @@ describe('FORK Autocomplete', () => {
               'FROM a | FORK (STATS AVG(',
               [
                 ...getFieldNamesByType(AVG_TYPES),
-                ...getFunctionSignaturesByReturnType(Location.STATS, AVG_TYPES, { scalar: true }),
+                ...getFunctionSignaturesByReturnType(
+                  Location.STATS,
+                  [...AVG_TYPES, 'aggregate_metric_double'],
+                  { scalar: true }
+                ),
               ],
               mockCallbacks
             );

src/platform/packages/shared/kbn-esql-ast/src/commands_registry/commands/stats/autocomplete.test.ts

@@ -67,7 +67,12 @@ export const EXPECTED_FIELD_AND_FUNCTION_SUGGESTIONS = [
 ];
 
 // types accepted by the AVG function
-export const AVG_TYPES: Array<FieldType & FunctionReturnType> = ['double', 'integer', 'long'];
+export const AVG_TYPES: Array<FieldType & FunctionReturnType> = [
+  'double',
+  'integer',
+  'long',
+  'aggregate_metric_double',
+];
 
 export const EXPECTED_FOR_FIRST_EMPTY_EXPRESSION = [
   'BY ',
@@ -378,6 +383,7 @@ describe('STATS Autocomplete', () => {
               'keyword',
               'date_nanos',
               'unsigned_long',
+              'aggregate_metric_double',
             ],
             {
               scalar: true,
@@ -399,9 +405,13 @@ describe('STATS Autocomplete', () => {
           'from a | stats avg(b) by stringField',
           [
             ...getFieldNamesByType(AVG_TYPES),
-            ...getFunctionSignaturesByReturnType(Location.EVAL, AVG_TYPES, {
-              scalar: true,
-            }),
+            ...getFunctionSignaturesByReturnType(
+              Location.EVAL,
+              [...AVG_TYPES, 'aggregate_metric_double'],
+              {
+                scalar: true,
+              }
+            ),
           ],
           mockCallbacks,
           mockContext,