Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a21242054b
Branches Tags
elasticsearch
/
docs
/
reference
/
esql
/
functions
/
examples
/
bucket.asciidoc

bucket.asciidoc 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 
  1. // This is generated by ESQL's AbstractFunctionTestCase. Do no edit it. See ../README.md for how to regenerate it.
    2. 

  2. 

  3. *Examples*
    4. 

  4. 

  5. `BUCKET` can work in two modes: one in which the size of the bucket is computed
    6. 

  6. based on a buckets count recommendation (four parameters) and a range, and
    7. 

  7. another in which the bucket size is provided directly (two parameters).
    8. 

  8. 

  9. Using a target number of buckets, a start of a range, and an end of a range,
    10. 

  10. `BUCKET` picks an appropriate bucket size to generate the target number of buckets or fewer.
    11. 

  11. For example, asking for at most 20 buckets over a year results in monthly buckets:
    12. 

  12. [source.merge.styled,esql]
    13. 

  13. ----
    14. 

  14. include::{esql-specs}/bucket.csv-spec[tag=docsBucketMonth]
    15. 

  15. ----
    16. 

  16. [%header.monospaced.styled,format=dsv,separator=|]
    17. 

  17. |===
    18. 

  18. include::{esql-specs}/bucket.csv-spec[tag=docsBucketMonth-result]
    19. 

  19. |===
    20. 

  20. 

  21. The goal isn't to provide *exactly* the target number of buckets,
    22. 

  22. it's to pick a range that people are comfortable with that provides at most the target number of buckets.
    23. 

  23. 

  24. Combine `BUCKET` with an <<esql-agg-functions,aggregation>> to create a histogram:
    25. 

  25. [source.merge.styled,esql]
    26. 

  26. ----
    27. 

  27. include::{esql-specs}/bucket.csv-spec[tag=docsBucketMonthlyHistogram]
    28. 

  28. ----
    29. 

  29. [%header.monospaced.styled,format=dsv,separator=|]
    30. 

  30. |===
    31. 

  31. include::{esql-specs}/bucket.csv-spec[tag=docsBucketMonthlyHistogram-result]
    32. 

  32. |===
    33. 

  33. 

  34. NOTE: `BUCKET` does not create buckets that don't match any documents.
    35. 

  35. That's why this example is missing `1985-03-01` and other dates.
    36. 

  36. 

  37. Asking for more buckets can result in a smaller range.
    38. 

  38. For example, asking for at most 100 buckets in a year results in weekly buckets:
    39. 

  39. [source.merge.styled,esql]
    40. 

  40. ----
    41. 

  41. include::{esql-specs}/bucket.csv-spec[tag=docsBucketWeeklyHistogram]
    42. 

  42. ----
    43. 

  43. [%header.monospaced.styled,format=dsv,separator=|]
    44. 

  44. |===
    45. 

  45. include::{esql-specs}/bucket.csv-spec[tag=docsBucketWeeklyHistogram-result]
    46. 

  46. |===
    47. 

  47. 

  48. NOTE: `BUCKET` does not filter any rows. It only uses the provided range to pick a good bucket size.
    49. 

  49. For rows with a value outside of the range, it returns a bucket value that corresponds to a bucket outside the range.
    50. 

  50. Combine`BUCKET` with <<esql-where>> to filter rows.
    51. 

  51. 

  52. If the desired bucket size is known in advance, simply provide it as the second
    53. 

  53. argument, leaving the range out:
    54. 

  54. [source.merge.styled,esql]
    55. 

  55. ----
    56. 

  56. include::{esql-specs}/bucket.csv-spec[tag=docsBucketWeeklyHistogramWithSpan]
    57. 

  57. ----
    58. 

  58. [%header.monospaced.styled,format=dsv,separator=|]
    59. 

  59. |===
    60. 

  60. include::{esql-specs}/bucket.csv-spec[tag=docsBucketWeeklyHistogramWithSpan-result]
    61. 

  61. |===
    62. 

  62. 

  63. NOTE: When providing the bucket size as the second parameter, it must be a time
    64. 

  64. duration or date period.
    65. 

  65. 

  66. `BUCKET` can also operate on numeric fields. For example, to create a salary histogram:
    67. 

  67. [source.merge.styled,esql]
    68. 

  68. ----
    69. 

  69. include::{esql-specs}/bucket.csv-spec[tag=docsBucketNumeric]
    70. 

  70. ----
    71. 

  71. [%header.monospaced.styled,format=dsv,separator=|]
    72. 

  72. |===
    73. 

  73. include::{esql-specs}/bucket.csv-spec[tag=docsBucketNumeric-result]
    74. 

  74. |===
    75. 

  75. 

  76. Unlike the earlier example that intentionally filters on a date range, you rarely want to filter on a numeric range.
    77. 

  77. You have to find the `min` and `max` separately. {esql} doesn't yet have an easy way to do that automatically.
    78. 

  78. 

  79. The range can be omitted if the desired bucket size is known in advance. Simply
    80. 

  80. provide it as the second argument:
    81. 

  81. [source.merge.styled,esql]
    82. 

  82. ----
    83. 

  83. include::{esql-specs}/bucket.csv-spec[tag=docsBucketNumericWithSpan]
    84. 

  84. ----
    85. 

  85. [%header.monospaced.styled,format=dsv,separator=|]
    86. 

  86. |===
    87. 

  87. include::{esql-specs}/bucket.csv-spec[tag=docsBucketNumericWithSpan-result]
    88. 

  88. |===
    89. 

  89. 

  90. NOTE: When providing the bucket size as the second parameter, it must be
    91. 

  91. of a floating point type.
    92. 

  92. 

  93. Create hourly buckets for the last 24 hours, and calculate the number of events per hour:
    94. 

  94. [source.merge.styled,esql]
    95. 

  95. ----
    96. 

  96. include::{esql-specs}/bucket.csv-spec[tag=docsBucketLast24hr]
    97. 

  97. ----
    98. 

  98. [%header.monospaced.styled,format=dsv,separator=|]
    99. 

  99. |===
    100. 

  100. include::{esql-specs}/bucket.csv-spec[tag=docsBucketLast24hr-result]
    101. 

  101. |===
    102. 

  102. Create monthly buckets for the year 1985, and calculate the average salary by hiring month
    103. 

  103. [source.merge.styled,esql]
    104. 

  104. ----
    105. 

  105. include::{esql-specs}/bucket.csv-spec[tag=bucket_in_agg]
    106. 

  106. ----
    107. 

  107. [%header.monospaced.styled,format=dsv,separator=|]
    108. 

  108. |===
    109. 

  109. include::{esql-specs}/bucket.csv-spec[tag=bucket_in_agg-result]
    110. 

  110. |===
    111. 

  111. 

  112. `BUCKET` may be used in both the aggregating and grouping part of the
    113. 

  113. <<esql-stats-by, STATS ... BY ...>> command provided that in the aggregating
    114. 

  114. part the function is referenced by an alias defined in the
    115. 

  115. grouping part, or that it is invoked with the exact same expression:
    116. 

  116. [source.merge.styled,esql]
    117. 

  117. ----
    118. 

  118. include::{esql-specs}/bucket.csv-spec[tag=reuseGroupingFunctionWithExpression]
    119. 

  119. ----
    120. 

  120. [%header.monospaced.styled,format=dsv,separator=|]
    121. 

  121. |===
    122. 

  122. include::{esql-specs}/bucket.csv-spec[tag=reuseGroupingFunctionWithExpression-result]
    123. 

  123. |===
    124.