[DOCS] Small ES|QL improvements (#101877)

* [DOCS] Small ES|QL improvements

* Fix test failure

docs/reference/esql/esql-examples.asciidoc

@@ -13,11 +13,11 @@
 ----
 FROM logs-*
 | WHERE event.code IS NOT NULL
-| STATS event_code_count = count(event.code) by event.code,host.name
-| ENRICH win_events on event.code with event_description
+| STATS event_code_count = COUNT(event.code) BY event.code,host.name
+| ENRICH win_events ON event.code WITH event_description
 | WHERE event_description IS NOT NULL and host.name IS NOT NULL
-| RENAME event_description as event.description
-| SORT event_code_count desc
+| RENAME event_description AS event.description
+| SORT event_code_count DESC
 | KEEP event_code_count,event.code,host.name,event.description
 ----
 
@@ -40,7 +40,7 @@ FROM logs-endpoint
 | WHERE process.name == "curl.exe"
 | STATS bytes = SUM(destination.bytes) BY destination.address
 | EVAL kb =  bytes/1024
-| SORT kb desc
+| SORT kb DESC
 | LIMIT 10
 | KEEP kb,destination.address
 ----
@@ -60,7 +60,7 @@ FROM logs-endpoint
 ----
 FROM logs-*
 | GROK dns.question.name "%{DATA}\\.%{GREEDYDATA:dns.question.registered_domain:string}"
-| STATS unique_queries = count_distinct(dns.question.name) by dns.question.registered_domain, process.name
+| STATS unique_queries = COUNT_DISTINCT(dns.question.name) BY dns.question.registered_domain, process.name
 | WHERE unique_queries > 10
 | SORT unique_queries DESC
 | RENAME unique_queries AS `Unique Queries`, dns.question.registered_domain AS `Registered Domain`, process.name AS `Process`
@@ -85,7 +85,7 @@ FROM logs-*
 | ENRICH ldap_lookup_new ON user.name
 | WHERE group.name IS NOT NULL
 | EVAL follow_up = CASE(destcount >= 100, "true","false")
-| SORT destcount desc
+| SORT destcount DESC
 | KEEP destcount, host.name, user.name, group.name, follow_up
 ----
 

docs/reference/esql/functions/case.asciidoc

@@ -4,7 +4,7 @@
 
 *Syntax*
 
-[source,txt]
+[source,esql]
 ----
 CASE(condition1, value1[, ..., conditionN, valueN][, default_value])
 ----

docs/reference/esql/functions/date_parse.asciidoc

@@ -4,7 +4,7 @@
 
 *Syntax*
 
-[source,txt]
+[source,esql]
 ----
 DATE_PARSE([format,] date_string)
 ----

docs/reference/esql/functions/date_trunc.asciidoc

@@ -8,6 +8,6 @@ Rounds down a date to the closest interval. Intervals can be expressed using the
 ----
 FROM employees
 | EVAL year_hired = DATE_TRUNC(1 year, hire_date)
-| STATS count(emp_no) BY year_hired
+| STATS COUNT(emp_no) BY year_hired
 | SORT year_hired
 ----

docs/reference/esql/processing-commands/dissect.asciidoc

@@ -6,7 +6,7 @@
 
 [source,esql]
 ----
-DISSECT input "pattern" [ APPEND_SEPARATOR="<separator>"]
+DISSECT input "pattern" [APPEND_SEPARATOR="<separator>"]
 ----
 
 *Parameters*

x-pack/plugin/esql/qa/testFixtures/src/main/resources/docs.csv-spec

@@ -431,7 +431,7 @@ Hello Universe
 docsCase
 // tag::case[]
 FROM employees
-| EVAL type = case(
+| EVAL type = CASE(
     languages <= 1, "monolingual",
     languages <= 2, "bilingual",
      "polyglot")

x-pack/plugin/esql/qa/testFixtures/src/main/resources/ints.csv-spec

@@ -362,7 +362,7 @@ autoBucket
 // tag::auto_bucket[]
 FROM employees
 | WHERE hire_date >= "1985-01-01T00:00:00Z" AND hire_date < "1986-01-01T00:00:00Z"
-| EVAL bs = auto_bucket(salary, 20, 25324, 74999)
+| EVAL bs = AUTO_BUCKET(salary, 20, 25324, 74999)
 | SORT hire_date, salary
 | KEEP hire_date, salary, bs
 // end::auto_bucket[]

x-pack/plugin/esql/qa/testFixtures/src/main/resources/null.csv-spec

@@ -46,12 +46,12 @@ isNotNullForDocs
 // tag::is-not-null[]
 FROM employees
 | WHERE is_rehired IS NOT NULL
-| STATS count(emp_no)
+| STATS COUNT(emp_no)
 // end::is-not-null[]
 ;
 
 // tag::is-not-null-result[]
-count(emp_no):long 
+COUNT(emp_no):long 
 84
 // end::is-not-null-result[]
 ;