Skip to content

ESQL: Support exponential histograms in TS queries #138563

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Nov 27, 2025
Merged

ESQL: Support exponential histograms in TS queries #138563

merged 8 commits into from
Nov 27, 2025

Conversation

@JonasKunz
Copy link
Contributor

@JonasKunz JonasKunz commented Nov 25, 2025
edited
Loading

Adds support for querying exponential histograms in TS queries, e.g.:

TS exp_histo_sample 
 | WHERE TRANGE(to_datetime("2025-09-25T00:30:00Z"), to_datetime("2025-09-25T01:00:00Z"))
 | STATS min = MIN(responseTime),
         max = MAX(responseTime),
         median = MEDIAN(responseTime),
         p75 = PERCENTILE(responseTime,75),
         sum = SUM(responseTime),
         avg = AVG(responseTime) 
         BY instance, time=TBUCKET(10m)

The query above aggregates all histogram samples per bucket and yields the corresponding aggregation results.
This PR implements this behaviour by ensuring that we use a hidden merge_over_time inner aggregate function when the queried field is of type exponential_histogram.

This PR does not handle other _over_time functions yet (e.g. last_over_time).
This will be fixed in a follow-up PR.

@elasticsearchmachine elasticsearchmachine added external-contributor Pull request authored by a developer outside the Elasticsearch team v9.3.0 labels Nov 25, 2025
@JonasKunz JonasKunz added >non-issue :Analytics/ES|QL AKA ESQL test-release Trigger CI checks against release build labels Nov 25, 2025
@JonasKunz JonasKunz marked this pull request as ready for review November 25, 2025 11:56
@elasticsearchmachine elasticsearchmachine added the Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) label Nov 25, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Nov 25, 2025

Pinging @elastic/es-analytical-engine (Team:Analytics)

@JonasKunz JonasKunz requested review from dnhatn and kkrik-es November 25, 2025 11:59
@JonasKunz
Copy link
Contributor Author

JonasKunz commented Nov 25, 2025

Release tests seem to be failing for an unrelated reason, so I'm removing the tag again.

@JonasKunz JonasKunz removed the test-release Trigger CI checks against release build label Nov 25, 2025
@miguel-sanchez-elastic miguel-sanchez-elastic mentioned this pull request Nov 25, 2025
Open
3 tasks
kkrik-es
kkrik-es reviewed Nov 26, 2025
View reviewed changes
.../java/org/elasticsearch/xpack/esql/optimizer/rules/logical/TranslateTimeSeriesAggregate.java
// Then check if there is TimeSeriesAggregateFunction on the path to the outer aggregation (in the chain of parents).
// If not, wrap the field reference with the appropriate TimeSeriesAggregateFunction based on its type
Expression aggregatedExpression = af.field();
if (aggregatedExpression instanceof ExtractHistogramComponent extractHistogramComponent) {
Copy link
Contributor

@kkrik-es kkrik-es Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the type of the inner field? I wonder if we should generalize this, having a loop that keeps unrolling fields until it finds a real field.

Copy link
Contributor Author

@JonasKunz JonasKunz Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this instanceof case we know that it must be an actual field:
ExtractHistogramComponent is a function which only accepts exponential_histogram-typed values as first parameter. The only way to get one is either a Merge aggregation (which is impossible here because we are alread in an aggregation) or a field reference.

I tried to outline the general solution for this problem in the comment above:

// One possible strategy would be to search for all field references in the expression.
// Then check if there is TimeSeriesAggregateFunction on the path to the outer aggregation (in the chain of parents).
// If not, wrap the field reference with the appropriate TimeSeriesAggregateFunction based on its type

This would be the general solution where we don't need to know all the intermediate expressions and which also works if multiple fields (e.g. SUM(gaugeA + gaugeB) are involved.

Should I create an issue for this?

Copy link
Member

@dnhatn dnhatn Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened #138702

kkrik-es
kkrik-es approved these changes Nov 26, 2025
View reviewed changes
Copy link
Contributor

@kkrik-es kkrik-es left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cute! Please wait for Nhat too.

@JonasKunz JonasKunz mentioned this pull request Nov 26, 2025
Open
10 tasks
@dnhatn dnhatn mentioned this pull request Nov 26, 2025
Open
dnhatn
dnhatn approved these changes Nov 26, 2025
View reviewed changes
Copy link
Member

@dnhatn dnhatn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks Jonas!

@JonasKunz JonasKunz merged commit 26a95cb into elastic:main Nov 27, 2025
34 checks passed
@JonasKunz JonasKunz deleted the exp-histo-ts branch November 27, 2025 07:29
@JonasKunz JonasKunz mentioned this pull request Nov 27, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dnhatn dnhatn dnhatn approved these changes

@kkrik-es kkrik-es kkrik-es approved these changes

Assignees

No one assigned

Labels

:Analytics/ES|QL AKA ESQL external-contributor Pull request authored by a developer outside the Elasticsearch team >non-issue Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) v9.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@JonasKunz @elasticsearchmachine @dnhatn @kkrik-es