-
Notifications
You must be signed in to change notification settings - Fork 24.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ESQL: extend BUCKET with spans. Turn it into a grouping function #107272
Conversation
This renames the function AUTO_BUCKET to just BUCKET.
This extends `BUCKET` function to accept a two-parameters-only invocation: the first parameter remains as is, while the second is a span. It can be a numeric (floating point) span, if the first argument is numeric, or a date period or time duration, if the first argument is a date. Also, the function can now be invoked with the alias `BIN`.
Documentation preview: |
Hi @bpintea, I've created a changelog YAML for you. |
out.writeExpression(bucket.from()); | ||
out.writeExpression(bucket.to()); | ||
out.writeExpression(bucket.bucketsOrSpan()); | ||
out.writeOptionalExpression(bucket.from()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BUCKET
is "newly" introduced, so these aren't posing a bwc-issue.
Pinging @elastic/es-analytical-engine (Team:Analytics) |
double t = ((Number) to.fold()).doubleValue(); | ||
r = pickRounding(b, f, t); | ||
} else { | ||
r = ((Number) bucketsOrSpan.fold()).doubleValue(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A 0d
will result in a NaN
, but this isn't new and would address it subsequently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gave it a first round, will do another after lunch.
Looks good so far but I have a couple remarks.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Show resolved
Hide resolved
x-pack/plugin/esql/qa/testFixtures/src/main/resources/ints.csv-spec
Outdated
Show resolved
Hide resolved
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
x-pack/plugin/esql/qa/testFixtures/src/main/resources/ints.csv-spec
Outdated
Show resolved
Hide resolved
4 |2023-11-01T00:00:00.000Z | ||
3 |2025-10-01T00:00:00.000Z | ||
; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should add test cases that use BIN
, e.g. with queries that compare the output of BIN
to that of BUCKET
. Applies also to int.csv-spec
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added some BIN
tests. Not really comparing to BUCKET (I'd leave the aliasing test aside), but they're copies of existing tests with s/BUCKET/BIN
.
@@ -229,6 +231,7 @@ asin |Returns the {wikipedia}/Inverse_trigonometric_functions[arcsine] | |||
atan |Returns the {wikipedia}/Inverse_trigonometric_functions[arctangent] of the input numeric expression as an angle, expressed in radians. | |||
atan2 |The {wikipedia}/Atan2[angle] between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane, expressed in radians. | |||
avg |The average of a numeric field. | |||
bin |Creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thought (out of scope): Hm, IMO it'd be better if this said "alias for bucket", but that'll require some plumbing to achieve.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, that'd be nice to have.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Outdated
Show resolved
Hide resolved
? resolution.and(checkArgsCount(4)) | ||
.and(() -> isStringOrDate(from, sourceText(), THIRD)) | ||
.and(() -> isStringOrDate(to, sourceText(), FOURTH)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
praise: that's neat with and
allowing to use a supplier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alright, all done now. Close to LGTM; we should look into the tests for BIN
though and double check the kibana docs, IMHO.
"optional" : false, | ||
"optional" : true, | ||
"description" : "" | ||
}, | ||
{ | ||
"name" : "to", | ||
"type" : "datetime", | ||
"optional" : false, | ||
"optional" : true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is not correct; in the integer
case, neither from
nor to
are optional, no?
Applies below as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeh, not sure how to go about this file, it being generated: the optionality of the parameters can't be accurately specified for functions with more than one optional parameter (the two or four bit), or based on types of various non-optional parameters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, that's not ideal. That means we probably want to update our docs generation a bit. (out of scope, in this case)
CC @nik9000 , if you agree I'll open an issue so we don't forget.
.../esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Bucket.java
Show resolved
Hide resolved
suppliers.add(new TestCaseSupplier(name, List.of(numberType, DataTypes.DOUBLE), () -> { | ||
List<TestCaseSupplier.TypedData> args = new ArrayList<>(); | ||
args.add(new TestCaseSupplier.TypedData(number.get(), "field")); | ||
args.add(new TestCaseSupplier.TypedData(50., DataTypes.DOUBLE, "span").forceLiteral()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could randomize the span here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It could be randomised, though the matcher (and the style of these tests) would then need to be updated. I've kept it as is for now, but can be convinced of otherwise. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably okay either way, I'll leave that to your discretion :)
suppliers.add(new TestCaseSupplier(name, List.of(numberType, DataTypes.DOUBLE), () -> { | ||
List<TestCaseSupplier.TypedData> args = new ArrayList<>(); | ||
args.add(new TestCaseSupplier.TypedData(number.get(), "field")); | ||
args.add(new TestCaseSupplier.TypedData(50., DataTypes.DOUBLE, "span").forceLiteral()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably okay either way, I'll leave that to your discretion :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks @bpintea !
@@ -229,6 +231,7 @@ asin |Returns the {wikipedia}/Inverse_trigonometric_functions[arcsine] | |||
atan |Returns the {wikipedia}/Inverse_trigonometric_functions[arctangent] of the input numeric expression as an angle, expressed in radians. | |||
atan2 |The {wikipedia}/Atan2[angle] between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane, expressed in radians. | |||
avg |The average of a numeric field. | |||
bin |Creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about numeric bucketing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, this was due an update for a while now -- I've updated it.
public TypeResolution and(Supplier<TypeResolution> other) { | ||
return failed ? this : other.get(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a fan since it touches QL.
*/ | ||
public class Bucket extends EsqlScalarFunction implements Validatable { | ||
public class Bucket extends EsqlScalarFunction implements Validatable, TwoOptionalArguments { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's restrict bucketing to being a grouping function first - for evals/scalar function's there's date_trunc.
For that introduce a dedicated GroupingFunction base class, similar to the approach used in SQL and wire that in the verifier so this is allowed:
STATS c = count() BY bucket(...)
while this is not:
EVAL x = bucket(..)
STATS c = count() BY x
We could allow in time the latter however conceptually bucketing should create buckets/groups/bins - if we treat them as scalar functions, we'd have to materialize the group which is tricky.
Note that if the keys are needed, one could do:
STATS by key = bucket()
which is the same as EVAL however it better preserves the context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had rethought this, as other implementations still offer it as a scalar. Though not sure if it's that useful as such and indeed one can get the keys with an aggregation, though reducing the scope.
But I followed the recommendations and turned BUCKET into a grouping function.
| WHERE hire_date >= "1985-01-01T00:00:00Z" AND hire_date < "1986-01-01T00:00:00Z" | ||
| EVAL month = BUCKET(hire_date, 20, "1985-01-01T00:00:00Z", "1986-01-01T00:00:00Z") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the merged implicit conversion for literals, the tests above using strings should still work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They're all still there, just moved to bucket.csv-spec
to group them.
@@ -193,7 +193,7 @@ private FunctionDefinition[][] functions() { | |||
def(Asin.class, Asin::new, "asin"), | |||
def(Atan.class, Atan::new, "atan"), | |||
def(Atan2.class, Atan2::new, "atan2"), | |||
def(Bucket.class, Bucket::new, "bucket"), | |||
def(Bucket.class, Bucket::new, "bucket", "bin"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See my comment above on grouping - potentially extract this into a separate grouping section.
private final Expression field; | ||
private final Expression buckets; | ||
private final Expression bucketsOrSpan; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think orSpan
is necessary (when dealing with time, the size of the bucket is the time span).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left another small round of comments.
private final Expression field; | ||
private final Expression buckets; | ||
private final Expression bucket; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inconsistent - the @Param
and method refer to buckets
instead - pick either bucket or buckets and use that everywhere.
Also - Bucket.bucket?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reverted back to buckets
, that was the intention, thx.
@@ -5,7 +5,7 @@ | |||
`field`:: | |||
|
|||
|
|||
`buckets`:: | |||
`bucketsOrSpan`:: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This need to be updated.
@@ -13,20 +13,56 @@ | |||
"description" : "" | |||
}, | |||
{ | |||
"name" : "buckets", | |||
"name" : "bucketsOrSpan", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
inner -> failures.add( | ||
fail( | ||
inner, | ||
"cannot imbricate grouping functions; found [{}] inside [{}]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
imbicate -> nest
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed.
public void testGroupingInsideAggs() { | ||
assertEquals( | ||
"1:22: can only use grouping function [bucket(emp_no, 5.)] part of the BY clause", | ||
error("from test| stats 3 + bucket(emp_no, 5.) by bucket(emp_no, 6.)") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a test that shows the following works:
stats 3 + bucket(emp_no, 5) by bucket(emp_no, 5)
- namely repeating the grouping function in the by clauses, as an aggregation.
Also a test with bucket only inside the agg but not inside BY, plus another one without a BY clause.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added all these tests and a couple more. Updating the verifier was needed too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
inner -> failures.add( | ||
fail( | ||
inner, | ||
"cannot imbricate grouping functions; found [{}] inside [{}]", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"imbricate" -> maybe "nest"?
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918)
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918) (cherry picked from commit 5c69e1f)
# Backport This will backport the following commits from `main` to `8.14`: - [[ES|QL] Update `bucket` signature (#181787)](#181787) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Drew Tate","email":"drew.tate@elastic.co"},"sourceCommit":{"committedDate":"2024-04-26T14:28:14Z","message":"[ES|QL] Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-minor","Feature:ES|QL","v8.14.0","Team:ESQL","v8.15.0"],"title":"[ES|QL] Update `bucket` signature","number":181787,"url":"#181787 Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c"}},"sourceBranch":"main","suggestedTargetBranches":["8.14"],"targetPullRequestStates":[{"branch":"8.14","label":"v8.14.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#181787 Update `bucket` signature (#181787)\n\n## Summary\n\nWraps in the changes from\nhttps://github.com/elastic/elasticsearch/pull/107272\n\n<img width=\"491\" alt=\"Screenshot 2024-04-25 at 4 46 31 PM\"\nsrc=\"https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d\">\n\n\n\n### Checklist\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios (still needs to\nbe done... waiting on\nhttps://github.com/elastic/elasticsearch/pull/107918)","sha":"5c69e1f89aee39dd159b2d3095298c07af94b98c"}}]}] BACKPORT--> Co-authored-by: Drew Tate <drew.tate@elastic.co>
## Summary Wraps in the changes from elastic/elasticsearch#107272 <img width="491" alt="Screenshot 2024-04-25 at 4 46 31 PM" src="https://github.com/elastic/kibana/assets/315764/4fb3db49-7702-466b-b1fd-b22ca3ed7a0d"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (still needs to be done... waiting on elastic/elasticsearch#107918)
There were some last minute changes to ES|QL that will ship in 8.14 that we need to take into account: - [BUCKET is now an aggregation function](elastic/elasticsearch#107272) - [index names can no longer be escaped with backticks ](elastic/elasticsearch#108431) I'm also including a change that translates `=` to `==` in WHERE commands, and more useful error messages (map a syntax error to the command where it occurred). As BUCKET is often used for timeseries data and we replaced single and double quotes around index names with backticks, this introduces a high chance of generating syntactically invalid queries. This PR updates the docs and examples and removes the correction from `"` and `'` to "`"
) There were some last minute changes to ES|QL that will ship in 8.14 that we need to take into account: - [BUCKET is now an aggregation function](elastic/elasticsearch#107272) - [index names can no longer be escaped with backticks ](elastic/elasticsearch#108431) I'm also including a change that translates `=` to `==` in WHERE commands, and more useful error messages (map a syntax error to the command where it occurred). As BUCKET is often used for timeseries data and we replaced single and double quotes around index names with backticks, this introduces a high chance of generating syntactically invalid queries. This PR updates the docs and examples and removes the correction from `"` and `'` to "`" (cherry picked from commit 6004cad)
) (#183037) # Backport This will backport the following commits from `main` to `8.14`: - [[Obs AI Assistant] Remove ES|QL escaping for index names (#183028)](#183028) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dario Gieselaar","email":"dario.gieselaar@elastic.co"},"sourceCommit":{"committedDate":"2024-05-09T12:15:34Z","message":"[Obs AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Obs AI Assistant","ci:project-deploy-observability","v8.14.0","v8.15.0"],"title":"[Obs AI Assistant] Remove ES|QL escaping for index names","number":183028,"url":"#183028 AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6"}},"sourceBranch":"main","suggestedTargetBranches":["8.14"],"targetPullRequestStates":[{"branch":"8.14","label":"v8.14.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#183028 AI Assistant] Remove ES|QL escaping for index names (#183028)\n\nThere were some last minute changes to ES|QL that will ship in 8.14 that\r\nwe need to take into account:\r\n\r\n- [BUCKET is now an aggregation\r\nfunction](elastic/elasticsearch#107272 [index names can no longer be escaped with backticks\r\n](elastic/elasticsearch#108431 also including a change that translates `=` to `==` in WHERE\r\ncommands, and more useful error messages (map a syntax error to the\r\ncommand where it occurred).\r\n\r\nAs BUCKET is often used for timeseries data and we replaced single and\r\ndouble quotes around index names with backticks, this introduces a high\r\nchance of generating syntactically invalid queries. This PR updates the\r\ndocs and examples and removes the correction from `\"` and `'` to \"`\"","sha":"6004cad53af71564b756e116b6b769a9d595dad6"}}]}] BACKPORT--> Co-authored-by: Dario Gieselaar <dario.gieselaar@elastic.co>
This extends
BUCKET
function to accept a two-parameters-onlyinvocation: the first parameter remains as is, while the second is a
span. It can be a numeric (floating point) span, if the first argument
is numeric, or a date period or time duration, if the first argument is
a date.
Also, the function can now be invoked with the alias
BIN
.Additionally, the function has been turned into a grouping-only function
and thus can only be used within a
STATS
command.