ESQL: extend BUCKET with spans. Turn it into a grouping function #107272
Conversation
This renames the function AUTO_BUCKET to just BUCKET.
This extends `BUCKET` function to accept a two-parameters-only invocation: the first parameter remains as is, while the second is a span. It can be a numeric (floating point) span, if the first argument is numeric, or a date period or time duration, if the first argument is a date. Also, the function can now be invoked with the alias `BIN`.
|
Documentation preview: |
|
Hi @bpintea, I've created a changelog YAML for you. |
| out.writeExpression(bucket.from()); | ||
| out.writeExpression(bucket.to()); | ||
| out.writeExpression(bucket.bucketsOrSpan()); | ||
| out.writeOptionalExpression(bucket.from()); |
There was a problem hiding this comment.
BUCKET is "newly" introduced, so these aren't posing a bwc-issue.
|
Pinging @elastic/es-analytical-engine (Team:Analytics) |
elasticsearchmachine
added
the
Team:Analytics
| double t = ((Number) to.fold()).doubleValue(); | ||
| r = pickRounding(b, f, t); | ||
| } else { | ||
| r = ((Number) bucketsOrSpan.fold()).doubleValue(); |
There was a problem hiding this comment.
A 0d will result in a NaN, but this isn't new and would address it subsequently.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Show resolved
Hide resolved
x-pack/plugin/esql/qa/testFixtures/src/main/resources/ints.csv-spec
Outdated
Show resolved
Hide resolved
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
x-pack/plugin/esql/qa/testFixtures/src/main/resources/ints.csv-spec
Outdated
Show resolved
Hide resolved
| 4 |2023-11-01T00:00:00.000Z | ||
| 3 |2025-10-01T00:00:00.000Z | ||
| ; | ||
|
|
There was a problem hiding this comment.
I think we should add test cases that use BIN, e.g. with queries that compare the output of BIN to that of BUCKET. Applies also to int.csv-spec.
There was a problem hiding this comment.
I've added some BIN tests. Not really comparing to BUCKET (I'd leave the aliasing test aside), but they're copies of existing tests with s/BUCKET/BIN.
| @@ -229,6 +231,7 @@ asin |Returns the {wikipedia}/Inverse_trigonometric_functions[arcsine] | |||
| atan |Returns the {wikipedia}/Inverse_trigonometric_functions[arctangent] of the input numeric expression as an angle, expressed in radians. | |||
| atan2 |The {wikipedia}/Atan2[angle] between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane, expressed in radians. | |||
| avg |The average of a numeric field. | |||
| bin |Creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into. | |||
There was a problem hiding this comment.
Thought (out of scope): Hm, IMO it'd be better if this said "alias for bucket", but that'll require some plumbing to achieve.
There was a problem hiding this comment.
Agreed, that'd be nice to have.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
| ? resolution.and(checkArgsCount(4)) | ||
| .and(() -> isStringOrDate(from, sourceText(), THIRD)) | ||
| .and(() -> isStringOrDate(to, sourceText(), FOURTH)) |
There was a problem hiding this comment.
praise: that's neat with and allowing to use a supplier.
| "optional" : false, | ||
| "optional" : true, | ||
| "description" : "" | ||
| }, | ||
| { | ||
| "name" : "to", | ||
| "type" : "datetime", | ||
| "optional" : false, | ||
| "optional" : true, |
There was a problem hiding this comment.
I think this is not correct; in the integer case, neither from nor to are optional, no?
Applies below as well.
There was a problem hiding this comment.
Yeh, not sure how to go about this file, it being generated: the optionality of the parameters can't be accurately specified for functions with more than one optional parameter (the two or four bit), or based on types of various non-optional parameters.
There was a problem hiding this comment.
Oh, that's not ideal. That means we probably want to update our docs generation a bit. (out of scope, in this case)
CC @nik9000 , if you agree I'll open an issue so we don't forget.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Show resolved
Hide resolved
| suppliers.add(new TestCaseSupplier(name, List.of(numberType, DataTypes.DOUBLE), () -> { | ||
| List<TestCaseSupplier.TypedData> args = new ArrayList<>(); | ||
| args.add(new TestCaseSupplier.TypedData(number.get(), "field")); | ||
| args.add(new TestCaseSupplier.TypedData(50., DataTypes.DOUBLE, "span").forceLiteral()); |
There was a problem hiding this comment.
Maybe we could randomize the span here.
There was a problem hiding this comment.
It could be randomised, though the matcher (and the style of these tests) would then need to be updated. I've kept it as is for now, but can be convinced of otherwise. :)
There was a problem hiding this comment.
Probably okay either way, I'll leave that to your discretion :)
| suppliers.add(new TestCaseSupplier(name, List.of(numberType, DataTypes.DOUBLE), () -> { | ||
| List<TestCaseSupplier.TypedData> args = new ArrayList<>(); | ||
| args.add(new TestCaseSupplier.TypedData(number.get(), "field")); | ||
| args.add(new TestCaseSupplier.TypedData(50., DataTypes.DOUBLE, "span").forceLiteral()); |
There was a problem hiding this comment.
Probably okay either way, I'll leave that to your discretion :)
| @@ -229,6 +231,7 @@ asin |Returns the {wikipedia}/Inverse_trigonometric_functions[arcsine] | |||
| atan |Returns the {wikipedia}/Inverse_trigonometric_functions[arctangent] of the input numeric expression as an angle, expressed in radians. | |||
| atan2 |The {wikipedia}/Atan2[angle] between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane, expressed in radians. | |||
| avg |The average of a numeric field. | |||
| bin |Creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into. | |||
There was a problem hiding this comment.
Good point, this was due an update for a while now -- I've updated it.
| public TypeResolution and(Supplier<TypeResolution> other) { | ||
| return failed ? this : other.get(); | ||
| } |
| */ | ||
| public class Bucket extends EsqlScalarFunction implements Validatable { | ||
| public class Bucket extends EsqlScalarFunction implements Validatable, TwoOptionalArguments { |
There was a problem hiding this comment.
Let's restrict bucketing to being a grouping function first - for evals/scalar function's there's date_trunc.
For that introduce a dedicated GroupingFunction base class, similar to the approach used in SQL and wire that in the verifier so this is allowed:
STATS c = count() BY bucket(...)
while this is not:
EVAL x = bucket(..)
STATS c = count() BY x
We could allow in time the latter however conceptually bucketing should create buckets/groups/bins - if we treat them as scalar functions, we'd have to materialize the group which is tricky.
Note that if the keys are needed, one could do:
STATS by key = bucket()
which is the same as EVAL however it better preserves the context.
There was a problem hiding this comment.
I had rethought this, as other implementations still offer it as a scalar. Though not sure if it's that useful as such and indeed one can get the keys with an aggregation, though reducing the scope.
But I followed the recommendations and turned BUCKET into a grouping function.
| | WHERE hire_date >= "1985-01-01T00:00:00Z" AND hire_date < "1986-01-01T00:00:00Z" | ||
| | EVAL month = BUCKET(hire_date, 20, "1985-01-01T00:00:00Z", "1986-01-01T00:00:00Z") |
There was a problem hiding this comment.
With the merged implicit conversion for literals, the tests above using strings should still work.
There was a problem hiding this comment.
They're all still there, just moved to bucket.csv-spec to group them.
| @@ -193,7 +193,7 @@ private FunctionDefinition[][] functions() { | |||
| def(Asin.class, Asin::new, "asin"), | |||
| def(Atan.class, Atan::new, "atan"), | |||
| def(Atan2.class, Atan2::new, "atan2"), | |||
| def(Bucket.class, Bucket::new, "bucket"), | |||
| def(Bucket.class, Bucket::new, "bucket", "bin"), | |||
There was a problem hiding this comment.
See my comment above on grouping - potentially extract this into a separate grouping section.
| private final Expression field; | ||
| private final Expression buckets; | ||
| private final Expression bucketsOrSpan; |
There was a problem hiding this comment.
I don't think orSpan is necessary (when dealing with time, the size of the bucket is the time span).
bpintea
changed the title
| private final Expression field; | ||
| private final Expression buckets; | ||
| private final Expression bucket; |
There was a problem hiding this comment.
Inconsistent - the @Param and method refer to buckets instead - pick either bucket or buckets and use that everywhere.
Also - Bucket.bucket?
There was a problem hiding this comment.
Reverted back to buckets, that was the intention, thx.
| @@ -5,7 +5,7 @@ | |||
| `field`:: | |||
|
|
|||
|
|
|||
| `buckets`:: | |||
| `bucketsOrSpan`:: | |||
| @@ -13,20 +13,56 @@ | |||
| "description" : "" | |||
| }, | |||
| { | |||
| "name" : "buckets", | |||
| "name" : "bucketsOrSpan", | |||
| inner -> failures.add( | ||
| fail( | ||
| inner, | ||
| "cannot imbricate grouping functions; found [{}] inside [{}]", |
| public void testGroupingInsideAggs() { | ||
| assertEquals( | ||
| "1:22: can only use grouping function [bucket(emp_no, 5.)] part of the BY clause", | ||
| error("from test| stats 3 + bucket(emp_no, 5.) by bucket(emp_no, 6.)") |
There was a problem hiding this comment.
Please add a test that shows the following works:
stats 3 + bucket(emp_no, 5) by bucket(emp_no, 5) - namely repeating the grouping function in the by clauses, as an aggregation.
Also a test with bucket only inside the agg but not inside BY, plus another one without a BY clause.
There was a problem hiding this comment.
Added all these tests and a couple more. Updating the verifier was needed too.
| inner -> failures.add( | ||
| fail( | ||
| inner, | ||
| "cannot imbricate grouping functions; found [{}] inside [{}]", |
There was a problem hiding this comment.
"imbricate" -> maybe "nest"?
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918)
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918) (cherry picked from commit 5c69e1f)
# Backport This will backport the following commits from `main` to `8.14`: - [[ES|QL] Update `bucket` signature (#181787)](#181787) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Drew Tate","email":"drew.tate@elastic.co"},"sourceCommit":{"committedDate":"2024-04-26T14:28:14Z","message":"[ES|QL] Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-minor","Feature:ES|QL","v8.14.0","Team:ESQL","v8.15.0"],"title":"[ES|QL] Update `bucket` signature","number":181787,"url":"#181787 Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c"}},"sourceBranch":"main","suggestedTargetBranches":["8.14"],"targetPullRequestStates":[{"branch":"8.14","label":"v8.14.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#181787 Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c"}}]}] BACKPORT--> Co-authored-by: Drew Tate <drew.tate@elastic.co>
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918)
There were some last minute changes to ES|QL that will ship in 8.14 that we need to take into account: - [BUCKET is now an aggregation function](elastic/elasticsearch#107272) - [index names can no longer be escaped with backticks ](elastic/elasticsearch#108431) I'm also including a change that translates `=` to `==` in WHERE commands, and more useful error messages (map a syntax error to the command where it occurred). As BUCKET is often used for timeseries data and we replaced single and double quotes around index names with backticks, this introduces a high chance of generating syntactically invalid queries. This PR updates the docs and examples and removes the correction from `"` and `'` to "`"
) There were some last minute changes to ES|QL that will ship in 8.14 that we need to take into account: - [BUCKET is now an aggregation function](elastic/elasticsearch#107272) - [index names can no longer be escaped with backticks ](elastic/elasticsearch#108431) I'm also including a change that translates `=` to `==` in WHERE commands, and more useful error messages (map a syntax error to the command where it occurred). As BUCKET is often used for timeseries data and we replaced single and double quotes around index names with backticks, this introduces a high chance of generating syntactically invalid queries. This PR updates the docs and examples and removes the correction from `"` and `'` to "`" (cherry picked from commit 6004cad)
) (#183037) # Backport This will backport the following commits from `main` to `8.14`: - [[Obs AI Assistant] Remove ES|QL escaping for index names (#183028)](#183028) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dario Gieselaar","email":"dario.gieselaar@elastic.co"},"sourceCommit":{"committedDate":"2024-05-09T12:15:34Z","message":"[Obs AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Obs AI Assistant","ci:project-deploy-observability","v8.14.0","v8.15.0"],"title":"[Obs AI Assistant] Remove ES|QL escaping for index names","number":183028,"url":"#183028 AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6"}},"sourceBranch":"main","suggestedTargetBranches":["8.14"],"targetPullRequestStates":[{"branch":"8.14","label":"v8.14.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#183028 AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6"}}]}] BACKPORT--> Co-authored-by: Dario Gieselaar <dario.gieselaar@elastic.co>
This extends
BUCKETfunction to accept a two-parameters-onlyinvocation: the first parameter remains as is, while the second is a
span. It can be a numeric (floating point) span, if the first argument
is numeric, or a date period or time duration, if the first argument is
a date.
Also, the function can now be invoked with the alias
BIN.Additionally, the function has been turned into a grouping-only function
and thus can only be used within a
STATScommand.