Merge pull request ESQL-1236 from abdonpijpelink/processing_commands_files

[DOCS] Move processing commands to a file per command

docs/reference/esql/esql-processing-commands.asciidoc

@@ -26,298 +26,14 @@ ESQL supports these processing commands:
 * <<esql-stats-by>>
 * <<esql-where>>
 
-
-[[esql-dissect]]
-=== `DISSECT`
-
-`DISSECT` enables you to extract structured data out of a string. `DISSECT`
-matches the string against a delimiter-based pattern, and extracts the specified
-keys as columns.
-
-Refer to the <<dissect-processor,dissect processor documentation>> for the
-syntax of dissect patterns.
-
-[source,esql]
-----
-ROW a = "1953-01-23T12:15:00Z - some text - 127.0.0.1"
-| DISSECT a "%{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}"
-----
-
-[[esql-drop]]
-=== `DROP`
-
-Use `DROP` to remove columns from a table:
-
-[source,esql]
-----
-FROM employees
-| DROP height
-----
-
-Rather than specify each column by name, you can use wildcards to drop all
-columns with a name that matches a pattern:
-
-[source,esql]
-----
-FROM employees
-| DROP height*
-----
-
-[[esql-eval]]
-=== `EVAL`
-`EVAL` enables you to add new columns to the end of a table:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| EVAL height_feet = height * 3.281, height_cm = height * 100
-----
-
-If the specified column already exists, the existing column will be dropped, and
-the new column will be appended to the table:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| EVAL height = height * 3.281
-----
-
-[discrete]
-==== Functions
-`EVAL` supports various functions for calculating values. Refer to
-<<esql-functions,Functions>> for more information.
-
-[[esql-grok]]
-=== `GROK`
-
-`GROK` enables you to extract structured data out of a string. `GROK` matches
-the string against patterns, based on regular expressions, and extracts the
-specified patterns as columns.
-
-Refer to the <<grok-processor,grok processor documentation>> for the syntax for
-of grok patterns.
-
-[source,esql]
-----
-ROW a = "12 15.5 15.6 true"
-| GROK a "%{NUMBER:b:int} %{NUMBER:c:float} %{NUMBER:d:double} %{WORD:e:boolean}"
-----
-
-[[esql-limit]]
-=== `LIMIT`
-
-The `LIMIT` processing command enables you to limit the number of rows:
-
-[source,esql]
-----
-FROM employees
-| LIMIT 5
-----
-
-[[esql-mv_expand]]
-=== `MV_EXPAND`
-
-The `MV_EXPAND` processing command expands multivalued fields into one row per value, duplicating other fields:
-
-[source,esql]
-----
-include::{esql-specs}/mv_expand.csv-spec[tag=simple]
-----
-
-[%header,format=dsv,separator=|]
-|===
-include::{esql-specs}/mv_expand.csv-spec[tag=simple-result]
-|===
-
-[[esql-project]]
-=== `PROJECT`
-
-The `PROJECT` command enables you to specify what columns are returned and the
-order in which they are returned.
-
-To limit the columns that are returned, use a comma-separated list of column
-names. The columns are returned in the specified order:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-----
-
-Rather than specify each column by name, you can use wildcards to return all
-columns with a name that matches a pattern:
-
-[source,esql]
-----
-FROM employees
-| PROJECT h*
-----
-
-The asterisk wildcard (`*`) by itself translates to all columns that do not
-match the other arguments. This query will first return all columns with a name
-that starts with an h, followed by all other columns:
-
-[source,esql]
-----
-FROM employees
-| PROJECT h*, *
-----
-
-[[esql-rename]]
-=== `RENAME`
-
-Use `RENAME` to rename a column. If a column with the new name already exists,
-it will be replaced by the new column.
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, still_hired
-| RENAME employed = still_hired
-----
-
-Multiple columns can be renamed with a single `RENAME` command:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name
-| RENAME fn = first_name, ln = last_name
-----
-
-[[esql-sort]]
-=== `SORT`
-Use the `SORT` command to sort rows on one or more fields:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| SORT height
-----
-
-The default sort order is ascending. Set an explicit sort order using `ASC` or
-`DESC`:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| SORT height DESC
-----
-
-If two rows have the same sort key, the original order will be preserved. You
-can provide additional sort expressions to act as tie breakers:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| SORT height DESC, first_name ASC
-----
-
-[discrete]
-==== `null` values
-By default, `null` values are treated as being larger than any other value. With
-an ascending sort order, `null` values are sorted last, and with a descending
-sort order, `null` values are sorted first. You can change that by providing
-`NULLS FIRST` or `NULLS LAST`:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| SORT first_name ASC NULLS FIRST
-----
-
-[[esql-stats-by]]
-=== `STATS ... BY`
-Use `STATS ... BY` to group rows according to a common value and calculate one
-or more aggregated values over the grouped rows.
-
-[source,esql]
-----
-FROM employees
-| STATS count = COUNT(languages) BY languages
-----
-
-If `BY` is omitted, the output table contains exactly one row with the
-aggregations applied over the entire dataset:
-
-[source,esql]
-----
-FROM employees
-| STATS avg_lang = AVG(languages)
-----
-
-It's possible to calculate multiple values:
-
-[source,esql]
-----
-FROM employees
-| STATS avg_lang = AVG(languages), max_lang = MAX(languages)
-----
-
-It's also possible to group by multiple values (only supported for long and
-keyword family fields):
-
-[source,esql]
-----
-FROM employees
-| EVAL hired = DATE_FORMAT(hire_date, "YYYY")
-| STATS avg_salary = AVG(salary) BY hired, languages.long
-| EVAL avg_salary = ROUND(avg_salary)
-| SORT hired, languages.long
-----
-
-The following aggregation functions are supported:
-
-* `AVG`
-* `COUNT`
-* `COUNT_DISTINCT`
-* `MAX`
-* `MEDIAN`
-* `MEDIAN_ABSOLUTE_DEVIATION`
-* `MIN`
-* `SUM`
-
-[[esql-where]]
-=== `WHERE`
-
-Use `WHERE` to produce a table that contains all the rows from the input table
-for which the provided condition evaluates to `true`:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, still_hired
-| WHERE still_hired == true
-----
-
-Which, if `still_hired` is a boolean field, can be simplified to:
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, still_hired
-| WHERE still_hired
-----
-
-[discrete]
-==== Operators
-
-Refer to <<esql-operators>> for an overview of the supported operators.
-
-[discrete]
-==== Functions
-`WHERE` supports various functions for calculating values. Refer to
-<<esql-functions,Functions>> for more information.
-
-[source,esql]
-----
-FROM employees
-| PROJECT first_name, last_name, height
-| WHERE length(first_name) < 4
-----
+include::processing-commands/dissect.asciidoc[]
+include::processing-commands/drop.asciidoc[]
+include::processing-commands/eval.asciidoc[]
+include::processing-commands/grok.asciidoc[]
+include::processing-commands/limit.asciidoc[]
+include::processing-commands/mv_expand.asciidoc[]
+include::processing-commands/project.asciidoc[]
+include::processing-commands/rename.asciidoc[]
+include::processing-commands/sort.asciidoc[]
+include::processing-commands/stats.asciidoc[]
+include::processing-commands/where.asciidoc[]

docs/reference/esql/processing-commands/dissect.asciidoc

@@ -0,0 +1,21 @@
+[[esql-dissect]]
+=== `DISSECT`
+
+`DISSECT` enables you to extract structured data out of a string. `DISSECT`
+matches the string against a delimiter-based pattern, and extracts the specified
+keys as columns.
+
+Refer to the <<dissect-processor,dissect processor documentation>> for the
+syntax of dissect patterns.
+
+[source,esql]
+----
+include::{esql-specs}/dissect.csv-spec[tag=dissect]
+----
+
+Returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/dissect.csv-spec[tag=dissect-result]
+|===

docs/reference/esql/processing-commands/drop.asciidoc

@@ -0,0 +1,17 @@
+[[esql-drop]]
+=== `DROP`
+
+Use `DROP` to remove columns:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=dropheight]
+----
+
+Rather than specify each column by name, you can use wildcards to drop all
+columns with a name that matches a pattern:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=dropheightwithwildcard]
+----

docs/reference/esql/processing-commands/eval.asciidoc

@@ -0,0 +1,35 @@
+[[esql-eval]]
+=== `EVAL`
+`EVAL` enables you to append new columns:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=eval]
+----
+
+Returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/docs.csv-spec[tag=eval-result]
+|===
+
+If the specified column already exists, the existing column will be dropped, and
+the new column will be appended to the table:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=evalReplace]
+----
+
+Returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/docs.csv-spec[tag=evalReplace-result]
+|===
+
+[discrete]
+==== Functions
+`EVAL` supports various functions for calculating values. Refer to
+<<esql-functions,Functions>> for more information.

docs/reference/esql/processing-commands/grok.asciidoc

@@ -0,0 +1,23 @@
+[[esql-grok]]
+=== `GROK`
+
+`GROK` enables you to extract structured data out of a string. `GROK` matches
+the string against patterns, based on regular expressions, and extracts the
+specified patterns as columns.
+
+Refer to the <<grok-processor,grok processor documentation>> for the syntax for
+of grok patterns.
+
+For example:
+
+[source,esql]
+----
+include::{esql-specs}/grok.csv-spec[tag=grok]
+----
+
+Returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/grok.csv-spec[tag=grok-result]
+|===

docs/reference/esql/processing-commands/limit.asciidoc

@@ -0,0 +1,9 @@
+[[esql-limit]]
+=== `LIMIT`
+
+The `LIMIT` processing command enables you to limit the number of rows:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=limit]
+----

docs/reference/esql/processing-commands/mv_expand.asciidoc

@@ -0,0 +1,16 @@
+[[esql-mv_expand]]
+=== `MV_EXPAND`
+
+The `MV_EXPAND` processing command expands multivalued fields into one row per value, duplicating other fields:
+
+[source,esql]
+----
+include::{esql-specs}/mv_expand.csv-spec[tag=simple]
+----
+
+Which returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/mv_expand.csv-spec[tag=simple-result]
+|===

docs/reference/esql/processing-commands/project.asciidoc

@@ -0,0 +1,37 @@
+[[esql-project]]
+=== `PROJECT`
+
+The `PROJECT` command enables you to specify what columns are returned and the
+order in which they are returned.
+
+To limit the columns that are returned, use a comma-separated list of column
+names. The columns are returned in the specified order:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=project]
+----
+
+Which returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/docs.csv-spec[tag=project-result]
+|===
+
+Rather than specify each column by name, you can use wildcards to return all
+columns with a name that matches a pattern:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=projectWildcard]
+----
+
+The asterisk wildcard (`*`) by itself translates to all columns that do not
+match the other arguments. This query will first return all columns with a name
+that starts with an h, followed by all other columns:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=projectDoubleWildcard]
+----

docs/reference/esql/processing-commands/rename.asciidoc

@@ -0,0 +1,17 @@
+[[esql-rename]]
+=== `RENAME`
+
+Use `RENAME` to rename a column. If a column with the new name already exists,
+it will be replaced by the new column.
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=rename]
+----
+
+Multiple columns can be renamed with a single `RENAME` command:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=renameMultipleColumns]
+----

docs/reference/esql/processing-commands/sort.asciidoc

@@ -0,0 +1,36 @@
+[[esql-sort]]
+=== `SORT`
+Use the `SORT` command to sort rows on one or more fields:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=sort]
+----
+
+The default sort order is ascending. Set an explicit sort order using `ASC` or
+`DESC`:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=sortDesc]
+----
+
+Two rows with the same sort key are considered equal. You can provide additional
+sort expressions to act as tie breakers:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=sortTie]
+----
+
+[discrete]
+==== `null` values
+By default, `null` values are treated as being larger than any other value. With
+an ascending sort order, `null` values are sorted last, and with a descending
+sort order, `null` values are sorted first. You can change that by providing
+`NULLS FIRST` or `NULLS LAST`:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=sortNullsFirst]
+----

docs/reference/esql/processing-commands/stats.asciidoc

@@ -0,0 +1,57 @@
+[[esql-stats-by]]
+=== `STATS ... BY`
+Use `STATS ... BY` to group rows according to a common value and calculate one
+or more aggregated values over the grouped rows.
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=stats]
+----
+
+Which returns:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/docs.csv-spec[tag=stats-result]
+|===
+
+If `BY` is omitted, the output table contains exactly one row with the
+aggregations applied over the entire dataset:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=statsWithoutBy]
+----
+
+Returning:
+
+[%header,format=dsv,separator=|]
+|===
+include::{esql-specs}/docs.csv-spec[tag=statsWithoutBy-result]
+|===
+
+It's possible to calculate multiple values:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=statsCalcMultipleValues]
+----
+
+It's also possible to group by multiple values (only supported for long and
+keyword family fields):
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=statsGroupByMultipleValues]
+----
+
+The following aggregation functions are supported:
+
+* `AVG`
+* `COUNT`
+* `COUNT_DISTINCT`
+* `MAX`
+* `MEDIAN`
+* `MEDIAN_ABSOLUTE_DEVIATION`
+* `MIN`
+* `SUM`

docs/reference/esql/processing-commands/where.asciidoc

@@ -0,0 +1,32 @@
+[[esql-where]]
+=== `WHERE`
+
+Use `WHERE` to produce a table that contains all the rows from the input table
+for which the provided condition evaluates to `true`:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=where]
+----
+
+Which, if `still_hired` is a boolean field, can be simplified to:
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=whereBoolean]
+----
+
+[discrete]
+==== Operators
+
+Refer to <<esql-operators>> for an overview of the supported operators.
+
+[discrete]
+==== Functions
+`WHERE` supports various functions for calculating values. Refer to
+<<esql-functions,Functions>> for more information.
+
+[source,esql]
+----
+include::{esql-specs}/docs.csv-spec[tag=whereFunction]
+----

x-pack/plugin/esql/qa/testFixtures/src/main/resources/dissect.csv-spec

@@ -15,10 +15,17 @@ foo bar   | null       | null
 
 
 complexPattern
-row a = "1953-01-23T12:15:00Z - some text - 127.0.0.1;" | dissect a "%{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip};" | project Y, M, D, h, m, s, msg, ip;
+// tag::dissect[]
+ROW a = "1953-01-23T12:15:00Z - some text - 127.0.0.1;" 
+| DISSECT a "%{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip};" 
+| PROJECT Y, M, D, h, m, s, msg, ip
+// end::dissect[]
+;
 
+// tag::dissect-result[]
 Y:keyword | M:keyword | D:keyword | h:keyword | m:keyword | s:keyword | msg:keyword  | ip:keyword
 1953      | 01        | 23        | 12        | 15        | 00        | some text    | 127.0.0.1
+// end::dissect-result[]
 ;
 
 

x-pack/plugin/esql/qa/testFixtures/src/main/resources/docs.csv-spec

@@ -0,0 +1,288 @@
+docsDropHeight
+// tag::dropheight[]
+FROM employees 
+| DROP height
+// end::dropheight[]
+| LIMIT 0;
+
+avg_worked_seconds:long | birth_date:date | emp_no:integer | first_name:keyword | gender:keyword | height.float:double | height.half_float:double | height.scaled_float:double | hire_date:date | is_rehired:boolean | job_positions:keyword | languages:integer | languages.byte:integer | languages.long:long | languages.short:integer | last_name:keyword | salary:integer | salary_change:double | salary_change.int:integer |salary_change.long:long | still_hired:boolean
+;
+
+docsDropHeightWithWildcard
+// tag::dropheightwithwildcard[]
+FROM employees 
+| DROP height*
+// end::dropheightwithwildcard[]
+| LIMIT 0;
+
+avg_worked_seconds:long | birth_date:date | emp_no:integer | first_name:keyword | gender:keyword | hire_date:date | is_rehired:boolean | job_positions:keyword | languages:integer | languages.byte:integer | languages.long:long | languages.short:integer | last_name:keyword | salary:integer | salary_change:double | salary_change.int:integer |salary_change.long:long | still_hired:boolean
+;
+
+docsEval
+// tag::eval[]
+FROM employees
+| PROJECT first_name, last_name, height
+| EVAL height_feet = height * 3.281, height_cm = height * 100
+// end::eval[]
+| WHERE first_name == "Georgi"
+| LIMIT 1;
+
+// tag::eval-result[]
+first_name:keyword | last_name:keyword | height:double | height_feet:double | height_cm:double
+Georgi |Facello | 2.03 | 6.66043 | 202.99999999999997
+// end::eval-result[]
+;
+
+docsEvalReplace
+// tag::evalReplace[]
+FROM employees
+| PROJECT first_name, last_name, height
+| EVAL height = height * 3.281
+// end::evalReplace[]
+| WHERE first_name == "Georgi"
+| LIMIT 1;
+
+// tag::evalReplace-result[]
+first_name:keyword | last_name:keyword | height:double
+Georgi | Facello | 6.66043
+// end::evalReplace-result[]
+;
+
+docsLimit
+// tag::limit[]
+FROM employees
+| LIMIT 5
+// end::limit[]
+| PROJECT emp_no
+| SORT emp_no ASC
+;
+
+emp_no:integer
+10001
+10002
+10003
+10004
+10005
+;
+
+docsProject
+// tag::project[]
+FROM employees
+| PROJECT emp_no, first_name, last_name, height
+// end::project[]
+| SORT emp_no ASC
+| LIMIT 5
+;
+
+// tag::project-result[]
+emp_no:integer | first_name:keyword | last_name:keyword | height:double
+10001          |Georgi         |Facello        |2.03
+10002          |Bezalel        |Simmel         |2.08
+10003          |Parto          |Bamford        |1.83
+10004          |Chirstian      |Koblick        |1.78
+10005          |Kyoichi        |Maliniak       |2.05
+// end::project-result[]
+;
+
+docsProjectWildcard
+// tag::projectWildcard[]
+FROM employees
+| PROJECT h*
+// end::projectWildcard[]
+| LIMIT 0;
+
+height:double | height.float:double | height.half_float:double | height.scaled_float:double | hire_date:date
+;
+
+docsProjectDoubleWildcard
+// tag::projectDoubleWildcard[]
+FROM employees
+| PROJECT h*, *
+// end::projectDoubleWildcard[]
+| LIMIT 0;
+
+height:double | height.float:double | height.half_float:double | height.scaled_float:double |       hire_date:date | avg_worked_seconds:long | birth_date:date | emp_no:integer | first_name:keyword | gender:keyword | is_rehired:boolean | job_positions:keyword | languages:integer | languages.byte:integer | languages.long:long | languages.short:integer | last_name:keyword | salary:integer | salary_change:double | salary_change.int:integer |salary_change.long:long | still_hired:boolean
+;
+
+docsRename
+// tag::rename[]
+FROM employees
+| PROJECT first_name, last_name, still_hired
+| RENAME employed = still_hired
+// end::rename[]
+| LIMIT 0;
+
+first_name:keyword | last_name:keyword | employed:boolean
+;
+
+docsRenameMultipleColumns
+// tag::renameMultipleColumns[]
+FROM employees
+| PROJECT first_name, last_name
+| RENAME fn = first_name, ln = last_name
+// end::renameMultipleColumns[]
+| LIMIT 0;
+
+fn:keyword | ln:keyword
+;
+
+docsSort
+// tag::sort[]
+FROM employees
+| PROJECT first_name, last_name, height
+| SORT height
+// end::sort[]
+| SORT height, first_name
+| LIMIT 3;
+
+first_name:keyword | last_name:keyword | height:double
+Mayuko         |Warwick        |1.41
+Breannda       |Billingsley    |1.42
+Vishv          |Zockler        |1.42
+;
+
+docsSortDesc
+// tag::sortDesc[]
+FROM employees
+| PROJECT first_name, last_name, height
+| SORT height DESC
+// end::sortDesc[]
+| SORT height DESC, first_name ASC
+| LIMIT 3;
+
+first_name:keyword | last_name:keyword | height:double
+Arumugam       |Ossenbruggen   |2.1
+Kwee           |Schusler       |2.1
+Saniya         |Kalloufi       |2.1
+;
+
+docsSortTie
+// tag::sortTie[]
+FROM employees
+| PROJECT first_name, last_name, height
+| SORT height DESC, first_name ASC
+// end::sortTie[]
+| LIMIT 3;
+
+first_name:keyword | last_name:keyword | height:double
+Arumugam       |Ossenbruggen   |2.1
+Kwee           |Schusler       |2.1
+Saniya         |Kalloufi       |2.1
+;
+
+docsSortNullsFirst
+// tag::sortNullsFirst[]
+FROM employees
+| PROJECT first_name, last_name, height
+| SORT first_name ASC NULLS FIRST
+// end::sortNullsFirst[]
+| SORT first_name ASC NULLS FIRST, height
+| LIMIT 3;
+
+first_name:keyword | last_name:keyword | height:double
+null           |Swan           |1.46
+null           |Lortz          |1.53
+null           |Brender        |1.55
+;
+
+docsStats
+// tag::stats[]
+FROM employees
+| STATS count = COUNT(languages) BY languages
+| SORT languages
+// end::stats[]
+;
+
+// tag::stats-result[]
+count:long | languages:integer
+15             |1
+19             |2
+17             |3
+18             |4
+21             |5
+// end::stats-result[]
+;
+
+docsStatsWithoutBy
+// tag::statsWithoutBy[]
+FROM employees
+| STATS avg_lang = AVG(languages)
+// end::statsWithoutBy[]
+;
+
+// tag::statsWithoutBy-result[]
+avg_lang:double
+3.1222222222222222
+// end::statsWithoutBy-result[]
+;
+
+docsStatsMultiple
+// tag::statsCalcMultipleValues[]
+FROM employees
+| STATS avg_lang = AVG(languages), max_lang = MAX(languages)
+// end::statsCalcMultipleValues[]
+;
+
+avg_lang:double | max_lang:integer
+3.1222222222222222|5
+;
+
+docsStatsGroupByMultipleValues
+// tag::statsGroupByMultipleValues[]
+FROM employees
+| EVAL hired = DATE_FORMAT(hire_date, "YYYY")
+| STATS avg_salary = AVG(salary) BY hired, languages.long
+| EVAL avg_salary = ROUND(avg_salary)
+| SORT hired, languages.long
+// end::statsGroupByMultipleValues[]
+| LIMIT 4
+;
+
+hired:keyword |languages.long:long | avg_salary:double
+1985           |1              |54668.0        
+1985           |3              |47723.0        
+1985           |4              |44817.0        
+1985           |5              |47720.0  
+;
+
+docsWhere
+// tag::where[]
+FROM employees
+| PROJECT first_name, last_name, still_hired
+| WHERE still_hired == true
+// end::where[]
+| STATS count = COUNT(last_name) BY still_hired
+;
+
+count:long | still_hired:boolean
+45             |true
+;
+
+docsWhereBoolean
+// tag::whereBoolean[]
+FROM employees
+| PROJECT first_name, last_name, still_hired
+| WHERE still_hired
+// end::whereBoolean[]
+| STATS count = COUNT(last_name) BY still_hired
+;
+
+count:long | still_hired:boolean
+45             |true
+;
+
+docsWhereFunction
+// tag::whereFunction[]
+FROM employees
+| PROJECT first_name, last_name, height
+| WHERE length(first_name) < 4
+// end::whereFunction[]
+| SORT first_name
+;
+
+first_name:keyword | last_name:keyword | height:double
+Gao            |Dolinsky       |1.94
+Tse            |Herber         |1.45
+Udi            |Jansch         |1.93
+Uri            |Lenart         |1.75
+;

x-pack/plugin/esql/qa/testFixtures/src/main/resources/grok.csv-spec

@@ -15,10 +15,17 @@ foo bar   | null
 
 
 complexPattern
-row a = "1953-01-23T12:15:00Z 127.0.0.1 some.email@foo.com 42" | grok a "%{TIMESTAMP_ISO8601:date} %{IP:ip} %{EMAILADDRESS:email} %{NUMBER:num:int}" | project date, ip, email, num;
+// tag::grok[]
+ROW a = "1953-01-23T12:15:00Z 127.0.0.1 some.email@foo.com 42" 
+| GROK a "%{TIMESTAMP_ISO8601:date} %{IP:ip} %{EMAILADDRESS:email} %{NUMBER:num:int}" 
+| PROJECT date, ip, email, num
+// end::grok[]
+;
 
+// tag::grok-result[]
 date:keyword          | ip:keyword    | email:keyword       | num:integer
 1953-01-23T12:15:00Z  | 127.0.0.1     | some.email@foo.com  | 42
+// end::grok-result[]
 ;