github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[ES|QL] Highlights the code examples in our inline docs (#214915)

Browse source 
## Summary

Adds ES|QL highlight in our inline docs


![image
(87)](https://github.com/user-attachments/assets/a08c21b4-f11b-4366-aaa1-8505e973d201)
This commit is contained in:
Stratoula Kalafateli 2025-03-19 10:46:30 +01:00 committed by GitHub
parent d764bd91f5
commit 66b00f3583
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 186 additions and 178 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/platform/packages/private/kbn-language-documentation/scripts/generate_esql_docs.ts
View file

@ -107,6 +107,10 @@ function writeFunctionDocs(functionDocs: Map<string, DocsSectionContent>, pathTo
doc.description,
Array.from(functionDocs.keys())
);
const defaultMessage = replaceCodeBlocksForESQLFormatting(docWithoutLinks).replaceAll(
'`',
'\\`'
);
return `
const foo =
// Do not edit manually... automatically generated by scripts/generate_esql_docs.ts
@ -126,7 +130,7 @@ function writeFunctionDocs(functionDocs: Map<string, DocsSectionContent>, pathTo
markdownContent={i18n.translate(
'languageDocumentation.documentationESQL.${name}.markdown',
{
defaultMessage: \`${docWithoutLinks.replaceAll('`', '\\`')}\`,
defaultMessage: \`${defaultMessage}\`,
description:
'Text is in markdown. Do not translate function names, special characters, or field names like sum(bytes)',
ignoreTag: true,
@ -177,6 +181,10 @@ function removeAsciiDocInternalCrossReferences(asciidocString: string, functionN
});
}
function replaceCodeBlocksForESQLFormatting(text: string) {
return text.replace(/```(\n[\s\S]*?\n)```/g, '``` esql$1```');
}
/**
* This function searches the AST for the functions list
*/

98
src/platform/packages/private/kbn-language-documentation/src/sections/esql_documentation_sections.tsx
View file

@ -23,7 +23,7 @@ An ES|QL (Elasticsearch query language) query consists of a series of commands,
A source command can be followed by one or more **processing commands**. Processing commands can change the output table of the previous command by adding, removing, and changing rows and columns.
\`\`\`
\`\`\` esql
source-command
| processing-command1
| processing-command2
@ -54,7 +54,7 @@ export const sourceCommands = {
defaultMessage: `### FROM
The \`FROM\` source command returns a table with up to 10,000 documents from a data stream, index, or alias. Each row in the resulting table represents a document. Each column corresponds to a field, and can be accessed by the name of that field.
\`\`\`
\`\`\` esql
FROM employees
\`\`\`
@ -62,7 +62,7 @@ You can use [date math](https://www.elastic.co/guide/en/elasticsearch/reference/
Use comma-separated lists or wildcards to query multiple data streams, indices, or aliases:
\`\`\`
\`\`\` esql
FROM employees-00001,employees-*
\`\`\`
@ -76,7 +76,7 @@ ES|QL can access the following metadata fields:
Use the \`METADATA\` directive to enable metadata fields:
\`\`\`
\`\`\` esql
FROM index METADATA _index, _id
\`\`\`
@ -84,7 +84,7 @@ Metadata fields are only available if the source of the data is an index. Conseq
Once enabled, the fields are then available to subsequent processing commands, just like the other index fields:
\`\`\`
\`\`\` esql
FROM ul_logs, apps METADATA _index, _version
| WHERE id IN (13, 14) AND _version == 1
| EVAL key = CONCAT(_index, "_", TO_STR(id))
@ -94,7 +94,7 @@ FROM ul_logs, apps METADATA _index, _version
Also, similar to the index fields, once an aggregation is performed, a metadata field will no longer be accessible to subsequent commands, unless used as grouping field:
\`\`\`
\`\`\` esql
FROM employees METADATA _index, _id
| STATS max = MAX(emp_no) BY _index
\`\`\`
@ -115,19 +115,19 @@ FROM employees METADATA _index, _id
defaultMessage: `### ROW
The \`ROW\` source command produces a row with one or more columns with values that you specify. This can be useful for testing.
\`\`\`
\`\`\` esql
ROW a = 1, b = "two", c = null
\`\`\`
Use square brackets to create multi-value columns:
\`\`\`
\`\`\` esql
ROW a = [2, 1]
\`\`\`
ROW supports the use of functions:
\`\`\`
\`\`\` esql
ROW a = ROUND(1.23, 0)
\`\`\`
`,
@ -186,7 +186,7 @@ export const processingCommands = {
Refer to the [dissect processor documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html) for the syntax of dissect patterns.
\`\`\`
\`\`\` esql
ROW a = "1953-01-23T12:15:00Z - some text - 127.0.0.1"
| DISSECT a "%'\{Y\}-%\{M\}-%\{D\}T%\{h\}:%\{m\}:%\{s\}Z - %\{msg\} - %\{ip\}'"
\`\`\` `,
@ -208,14 +208,14 @@ ROW a = "1953-01-23T12:15:00Z - some text - 127.0.0.1"
defaultMessage: `### DROP
Use \`DROP\` to remove columns from a table:
\`\`\`
\`\`\` esql
FROM employees
| DROP height
\`\`\`
Rather than specify each column by name, you can use wildcards to drop all columns with a name that matches a pattern:
\`\`\`
\`\`\` esql
FROM employees
| DROP height*
\`\`\`
@ -239,7 +239,7 @@ FROM employees
defaultMessage: `### ENRICH
You can use \`ENRICH\` to add data from your existing indices to incoming records. Its similar to [ingest enrich](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html), but it works at query time.
\`\`\`
\`\`\` esql
ROW language_code = "1"
| ENRICH languages_policy
\`\`\`
@ -248,21 +248,21 @@ ROW language_code = "1"
\`ENRICH\` will look for records in the [enrich index](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index) based on the match field value. The matching key in the input dataset can be defined using \`ON <field-name>\`; if its not specified, the match will be performed on a field with the same name as the match field defined in the enrich policy.
\`\`\`
\`\`\` esql
ROW a = "1"
| ENRICH languages_policy ON a
\`\`\`
You can specify which attributes (between those defined as enrich fields in the policy) have to be added to the result, using \`WITH <field1>, <field2>...\` syntax.
\`\`\`
\`\`\` esql
ROW a = "1"
| ENRICH languages_policy ON a WITH language_name
\`\`\`
Attributes can also be renamed using \`WITH new_name=<field1>\`
\`\`\`
\`\`\` esql
ROW a = "1"
| ENRICH languages_policy ON a WITH name = language_name
\`\`\`
@ -289,7 +289,7 @@ In case of name collisions, the newly created fields will override the existing
defaultMessage: `### EVAL
\`EVAL\` enables you to add new columns:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| EVAL height_feet = height * 3.281, height_cm = height * 100
@ -297,7 +297,7 @@ FROM employees
If the specified column already exists, the existing column will be dropped, and the new column will be appended to the table:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| EVAL height = height * 3.281
@ -325,7 +325,7 @@ FROM employees
Refer to the [grok processor documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html) for the syntax of grok patterns.
\`\`\`
\`\`\` esql
ROW a = "12 15.5 15.6 true"
| GROK a "%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'"
\`\`\`
@ -348,21 +348,21 @@ The \`KEEP\` command enables you to specify what columns are returned and the or
To limit the columns that are returned, use a comma-separated list of column names. The columns are returned in the specified order:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
\`\`\`
Rather than specify each column by name, you can use wildcards to return all columns with a name that matches a pattern:
\`\`\`
\`\`\` esql
FROM employees
| KEEP h*
\`\`\`
The asterisk wildcard (\`*\`) by itself translates to all columns that do not match the other arguments. This query will first return all columns with a name that starts with an h, followed by all other columns:
\`\`\`
\`\`\` esql
FROM employees
| KEEP h*, *
\`\`\`
@ -385,7 +385,7 @@ FROM employees
defaultMessage: `### LIMIT
The \`LIMIT\` processing command enables you to limit the number of rows:
\`\`\`
\`\`\` esql
FROM employees
| LIMIT 5
\`\`\`
@ -411,14 +411,14 @@ FROM employees
defaultMessage: `### LOOKUP JOIN
You can use \`LOOKUP JOIN\` to add data from an existing index to incoming rows. While this is similar to \`ENRICH\`, it does not require an enrich policy to be executed beforehand. Additionally, if multiple matching documents are found in the lookup index, they will generate multiple output rows.
\`\`\`
\`\`\` esql
ROW language_code = 1
| LOOKUP JOIN languages ON language_code
\`\`\`
An index that is used in \`LOOKUP JOIN\` needs to be in lookup mode. To create a lookup index, set the index mode to lookup.
\`\`\`
\`\`\` esql
PUT languages
'{
"settings": {
@ -431,7 +431,7 @@ PUT languages
The join key field must have a compatible type and match the name of the field in the lookup index to find matching documents. You can use \`RENAME\` or \`EVAL\` to rename columns as needed.
\`\`\`
\`\`\` esql
FROM employees
| EVAL language_code = languages
| LOOKUP JOIN languages ON language_code
@ -459,7 +459,7 @@ In case of name collisions, the fields from the lookup index will override the e
{
defaultMessage: `### MV_EXPAND
The \`MV_EXPAND\` processing command expands multivalued fields into one row per value, duplicating other fields:
\`\`\`
\`\`\` esql
ROW a=[1,2,3], b="b", j=["a","b"]
| MV_EXPAND a
\`\`\`
@ -483,13 +483,13 @@ ROW a=[1,2,3], b="b", j=["a","b"]
defaultMessage: `### RENAME
Use \`RENAME\` to rename a column using the following syntax:
\`\`\`
\`\`\` esql
RENAME <old-name> AS <new-name>
\`\`\`
For example:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, still_hired
| RENAME still_hired AS employed
@ -499,7 +499,7 @@ If a column with the new name already exists, it will be replaced by the new col
Multiple columns can be renamed with a single \`RENAME\` command:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name
| RENAME first_name AS fn, last_name AS ln
@ -523,7 +523,7 @@ FROM employees
defaultMessage: `### SORT
Use the \`SORT\` command to sort rows on one or more fields:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| SORT height
@ -531,7 +531,7 @@ FROM employees
The default sort order is ascending. Set an explicit sort order using \`ASC\` or \`DESC\`:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| SORT height DESC
@ -539,7 +539,7 @@ FROM employees
If two rows have the same sort key, the original order will be preserved. You can provide additional sort expressions to act as tie breakers:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| SORT height DESC, first_name ASC
@ -548,7 +548,7 @@ FROM employees
#### \`null\` values
By default, \`null\` values are treated as being larger than any other value. With an ascending sort order, \`null\` values are sorted last, and with a descending sort order, \`null\` values are sorted first. You can change that by providing \`NULLS FIRST\` or \`NULLS LAST\`:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| SORT first_name ASC NULLS FIRST
@ -574,7 +574,7 @@ Use \`STATS ... BY\` to group rows according to a common value and calculate one
**Examples**:
\`\`\`
\`\`\` esql
FROM employees
| STATS count = COUNT(emp_no) BY languages
| SORT languages
@ -582,21 +582,21 @@ FROM employees
If \`BY\` is omitted, the output table contains exactly one row with the aggregations applied over the entire dataset:
\`\`\`
\`\`\` esql
FROM employees
| STATS avg_lang = AVG(languages)
\`\`\`
It's possible to calculate multiple values:
\`\`\`
\`\`\` esql
FROM employees
| STATS avg_lang = AVG(languages), max_lang = MAX(languages)
\`\`\`
It's also possible to group by multiple values (only supported for long and keyword family fields):
\`\`\`
\`\`\` esql
FROM employees
| EVAL hired = DATE_FORMAT(hire_date, "YYYY")
| STATS avg_salary = AVG(salary) BY hired, languages.long
@ -608,14 +608,14 @@ Refer to **Aggregation functions** for a list of functions that can be used with
Both the aggregating functions and the grouping expressions accept other functions. This is useful for using \`STATS...BY\` on multivalue columns. For example, to calculate the average salary change, you can use \`MV_AVG\` to first average the multiple values per employee, and use the result with the \`AVG\` function:
\`\`\`
\`\`\` esql
FROM employees
| STATS avg_salary_change = AVG(MV_AVG(salary_change))
\`\`\`
An example of grouping by an expression is grouping employees on the first letter of their last name:
\`\`\`
\`\`\` esql
FROM employees
| STATS my_count = COUNT() BY LEFT(last_name, 1)
| SORT \`LEFT(last_name, 1)\`
@ -623,14 +623,14 @@ FROM employees
Specifying the output column name is optional. If not specified, the new column name is equal to the expression. The following query returns a column named \`AVG(salary)\`:
\`\`\`
\`\`\` esql
FROM employees
| STATS AVG(salary)
\`\`\`
Because this name contains special characters, it needs to be quoted with backticks (\`) when using it in subsequent commands:
\`\`\`
\`\`\` esql
FROM employees
| STATS AVG(salary)
| EVAL avg_salary_rounded = ROUND(\`AVG(salary)\`)
@ -659,7 +659,7 @@ FROM employees
defaultMessage: `### WHERE
Use \`WHERE\` to produce a table that contains all the rows from the input table for which the provided condition evaluates to \`true\`:
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, still_hired
| WHERE still_hired == true
@ -760,7 +760,7 @@ The following boolean operators are supported:
The \`::\` operator provides a convenient alternative syntax to the \`TO_<type>\` type conversion functions.
Example:
\`\`\`
\`\`\` esql
ROW ver = CONCAT(("0"::INT + 1)::STRING, ".2.3")::VERSION
\`\`\`
`,
@ -784,7 +784,7 @@ ROW ver = CONCAT(("0"::INT + 1)::STRING, ".2.3")::VERSION
defaultMessage: `### IN
The \`IN\` operator allows testing whether a field or expression equals an element in a list of literals, fields or expressions:
\`\`\`
\`\`\` esql
ROW a = 1, b = 4, c = 3
| WHERE c-a IN (3, b / 2, a)
\`\`\`
@ -813,7 +813,7 @@ Use \`LIKE\` to match strings using wildcards. The following wildcard characters
* \`*\` matches zero or more characters.
* \`?\` matches one character.
\`\`\`
\`\`\` esql
FROM employees
| WHERE first_name LIKE "?b*"
| KEEP first_name, last_name
@ -821,7 +821,7 @@ FROM employees
Use \`RLIKE\` to match strings using regular expressions:
\`\`\`
\`\`\` esql
FROM employees
| WHERE first_name RLIKE ".leja.*"
| KEEP first_name, last_name
@ -846,7 +846,7 @@ FROM employees
defaultMessage: `### NULL values
For NULL comparison use the \`IS NULL\` and \`IS NOT NULL\` predicates:
\`\`\`
\`\`\` esql
FROM employees
| WHERE birth_date IS NULL
| KEEP first_name, last_name
@ -854,7 +854,7 @@ FROM employees
| LIMIT 3
\`\`\`
\`\`\`
\`\`\` esql
FROM employees
| WHERE is_rehired IS NOT NULL
| STATS count(emp_no)

30
src/platform/packages/private/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx
View file

@ -43,7 +43,7 @@ export const functions = {
### AVG
The average of a numeric field.
\`\`\`
\`\`\` esql
FROM employees
| STATS AVG(height)
\`\`\`
@ -76,7 +76,7 @@ export const functions = {
### COUNT
Returns the total number (count) of input values.
\`\`\`
\`\`\` esql
FROM employees
| STATS COUNT(height)
\`\`\`
@ -110,7 +110,7 @@ export const functions = {
### COUNT_DISTINCT
Returns the approximate number of distinct values.
\`\`\`
\`\`\` esql
FROM hosts
| STATS COUNT_DISTINCT(ip0), COUNT_DISTINCT(ip1)
\`\`\`
@ -142,7 +142,7 @@ export const functions = {
### MAX
The maximum value of a field.
\`\`\`
\`\`\` esql
FROM employees
| STATS MAX(languages)
\`\`\`
@ -175,7 +175,7 @@ export const functions = {
### MEDIAN
The value that is greater than half of all values and less than half of all values, also known as the 50% \`PERCENTILE\`.
\`\`\`
\`\`\` esql
FROM employees
| STATS MEDIAN(salary), PERCENTILE(salary, 50)
\`\`\`
@ -212,7 +212,7 @@ export const functions = {
It is calculated as the median of each data points deviation from the median of the entire sample. That is, for a random variable \`X\`, the median absolute deviation is \`median(|median(X) - X|)\`.
\`\`\`
\`\`\` esql
FROM employees
| STATS MEDIAN(salary), MEDIAN_ABSOLUTE_DEVIATION(salary)
\`\`\`
@ -245,7 +245,7 @@ export const functions = {
### MIN
The minimum value of a field.
\`\`\`
\`\`\` esql
FROM employees
| STATS MIN(languages)
\`\`\`
@ -278,7 +278,7 @@ export const functions = {
### PERCENTILE
Returns the value at which a certain percentage of observed values occur. For example, the 95th percentile is the value which is greater than 95% of the observed values and the 50th percentile is the \`MEDIAN\`.
\`\`\`
\`\`\` esql
FROM employees
| STATS p0 = PERCENTILE(salary, 0)
, p50 = PERCENTILE(salary, 50)
@ -314,7 +314,7 @@ export const functions = {
### ST_CENTROID_AGG
Calculate the spatial centroid over a field with spatial point geometry type.
\`\`\`
\`\`\` esql
FROM airports
| STATS centroid=ST_CENTROID_AGG(location)
\`\`\`
@ -348,7 +348,7 @@ export const functions = {
### ST_EXTENT_AGG
Calculate the spatial extent over a field with geometry type. Returns a bounding box for all values of the field.
\`\`\`
\`\`\` esql
FROM airports
| WHERE country == "India"
| STATS extent = ST_EXTENT_AGG(location)
@ -383,7 +383,7 @@ export const functions = {
### STD_DEV
The standard deviation of a numeric field.
\`\`\`
\`\`\` esql
FROM employees
| STATS STD_DEV(height)
\`\`\`
@ -415,7 +415,7 @@ export const functions = {
### SUM
The sum of a numeric expression.
\`\`\`
\`\`\` esql
FROM employees
| STATS SUM(languages)
\`\`\`
@ -446,7 +446,7 @@ export const functions = {
### TOP
Collects the top values for a field. Includes repeated values.
\`\`\`
\`\`\` esql
FROM employees
| STATS top_salaries = TOP(salary, 3, "desc"), top_salary = MAX(salary)
\`\`\`
@ -479,7 +479,7 @@ export const functions = {
### VALUES
Returns all values in a group as a multivalued field. The order of the returned values isnt guaranteed. If you need the values returned in order use esql-mv_sort.
\`\`\`
\`\`\` esql
FROM employees
| EVAL first_letter = SUBSTRING(first_name, 0, 1)
| STATS first_name=MV_SORT(VALUES(first_name)) BY first_letter
@ -515,7 +515,7 @@ export const functions = {
### WEIGHTED_AVG
The weighted average of a numeric expression.
\`\`\`
\`\`\` esql
FROM employees
| STATS w_avg = WEIGHTED_AVG(salary, height) by languages
| EVAL w_avg = ROUND(w_avg)

4
src/platform/packages/private/kbn-language-documentation/src/sections/generated/grouping_functions.tsx
View file

@ -46,7 +46,7 @@ export const functions = {
Creates groups of values - buckets - out of a datetime or numeric input.
The size of the buckets can either be provided directly, or chosen based on a recommended count and values range.
\`\`\`
\`\`\` esql
FROM employees
| WHERE hire_date >= "1985-01-01T00:00:00Z" AND hire_date < "1986-01-01T00:00:00Z"
| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, "1985-01-01T00:00:00Z", "1986-01-01T00:00:00Z")
@ -82,7 +82,7 @@ export const functions = {
### CATEGORIZE
Groups text messages into categories of similarly formatted text values.
\`\`\`
\`\`\` esql
FROM sample_data
| STATS count=COUNT() BY category=CATEGORIZE(message)
\`\`\`

222
src/platform/packages/private/kbn-language-documentation/src/sections/generated/scalar_functions.tsx
View file

@ -42,7 +42,7 @@ export const functions = {
### ABS
Returns the absolute value.
\`\`\`
\`\`\` esql
ROW number = -1.0
| EVAL abs_number = ABS(number)
\`\`\`
@ -73,7 +73,7 @@ export const functions = {
### ACOS
Returns the arccosine of \`n\` as an angle, expressed in radians.
\`\`\`
\`\`\` esql
ROW a=.9
| EVAL acos=ACOS(a)
\`\`\`
@ -105,7 +105,7 @@ export const functions = {
Returns the arcsine of the input
numeric expression as an angle, expressed in radians.
\`\`\`
\`\`\` esql
ROW a=.9
| EVAL asin=ASIN(a)
\`\`\`
@ -137,7 +137,7 @@ export const functions = {
Returns the arctangent of the input
numeric expression as an angle, expressed in radians.
\`\`\`
\`\`\` esql
ROW a=12.9
| EVAL atan=ATAN(a)
\`\`\`
@ -171,7 +171,7 @@ export const functions = {
The angle between the positive x-axis and the ray from the
origin to the point (x , y) in the Cartesian plane, expressed in radians.
\`\`\`
\`\`\` esql
ROW y=12.9, x=.6
| EVAL atan2=ATAN2(y, x)
\`\`\`
@ -205,7 +205,7 @@ export const functions = {
### BIT_LENGTH
Returns the bit length of a string.
\`\`\`
\`\`\` esql
FROM airports
| WHERE country == "India"
| KEEP city
@ -242,7 +242,7 @@ export const functions = {
### BYTE_LENGTH
Returns the byte length of a string.
\`\`\`
\`\`\` esql
FROM airports
| WHERE country == "India"
| KEEP city
@ -282,7 +282,7 @@ export const functions = {
is returned when no condition matches. If the number of arguments is even, and
no condition matches, the function returns \`null\`.
\`\`\`
\`\`\` esql
FROM employees
| EVAL type = CASE(
languages <= 1, "monolingual",
@ -318,7 +318,7 @@ export const functions = {
Returns the cube root of a number. The input can be any numeric value, the return value is always a double.
Cube roots of infinities are null.
\`\`\`
\`\`\` esql
ROW d = 1000.0
| EVAL c = cbrt(d)
\`\`\`
@ -349,7 +349,7 @@ export const functions = {
### CEIL
Round a number up to the nearest integer.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL a=CEIL(a)
\`\`\`
@ -383,7 +383,7 @@ export const functions = {
### CIDR_MATCH
Returns true if the provided IP is contained in one of the provided CIDR blocks.
\`\`\`
\`\`\` esql
FROM hosts
| WHERE CIDR_MATCH(ip1, "127.0.0.2/32", "127.0.0.3/32")
| KEEP card, host, ip0, ip1
@ -418,7 +418,7 @@ export const functions = {
### COALESCE
Returns the first of its arguments that is not null. If all arguments are null, it returns \`null\`.
\`\`\`
\`\`\` esql
ROW a=null, b="b"
| EVAL COALESCE(a, b)
\`\`\`
@ -452,7 +452,7 @@ export const functions = {
### CONCAT
Concatenates two or more strings.
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name
| EVAL fullname = CONCAT(first_name, " ", last_name)
@ -485,7 +485,7 @@ export const functions = {
### COS
Returns the cosine of an angle.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL cos=COS(a)
\`\`\`
@ -516,7 +516,7 @@ export const functions = {
### COSH
Returns the hyperbolic cosine of a number.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL cosh=COSH(a)
\`\`\`
@ -550,7 +550,7 @@ export const functions = {
Subtracts the \`startTimestamp\` from the \`endTimestamp\` and returns the difference in multiples of \`unit\`.
If \`startTimestamp\` is later than the \`endTimestamp\`, negative values are returned.
\`\`\`
\`\`\` esql
ROW date1 = TO_DATETIME("2023-12-02T11:00:00.000Z"), date2 = TO_DATETIME("2023-12-02T11:00:00.001Z")
| EVAL dd_ms = DATE_DIFF("microseconds", date1, date2)
\`\`\`
@ -584,7 +584,7 @@ export const functions = {
### DATE_EXTRACT
Extracts parts of a date, like year, month, day, hour.
\`\`\`
\`\`\` esql
ROW date = DATE_PARSE("yyyy-MM-dd", "2022-05-06")
| EVAL year = DATE_EXTRACT("year", date)
\`\`\`
@ -618,7 +618,7 @@ export const functions = {
### DATE_FORMAT
Returns a string representation of a date, in the provided format.
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, hire_date
| EVAL hired = DATE_FORMAT("yyyy-MM-dd", hire_date)
@ -653,7 +653,7 @@ export const functions = {
### DATE_PARSE
Returns a date by parsing the second argument using the format specified in the first argument.
\`\`\`
\`\`\` esql
ROW date_string = "2022-05-06"
| EVAL date = DATE_PARSE("yyyy-MM-dd", date_string)
\`\`\`
@ -687,7 +687,7 @@ export const functions = {
### DATE_TRUNC
Rounds down a date to the closest interval.
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, hire_date
| EVAL year_hired = DATE_TRUNC(1 year, hire_date)
@ -720,7 +720,7 @@ export const functions = {
### E
Returns Eulers number.
\`\`\`
\`\`\` esql
ROW E()
\`\`\`
`,
@ -752,7 +752,7 @@ export const functions = {
### ENDS_WITH
Returns a boolean that indicates whether a keyword string ends with another string.
\`\`\`
\`\`\` esql
FROM employees
| KEEP last_name
| EVAL ln_E = ENDS_WITH(last_name, "d")
@ -785,7 +785,7 @@ export const functions = {
### EXP
Returns the value of e raised to the power of the given number.
\`\`\`
\`\`\` esql
ROW d = 5.0
| EVAL s = EXP(d)
\`\`\`
@ -818,7 +818,7 @@ export const functions = {
### FLOOR
Round a number down to the nearest integer.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL a=FLOOR(a)
\`\`\`
@ -855,7 +855,7 @@ export const functions = {
### FROM_BASE64
Decode a base64 string.
\`\`\`
\`\`\` esql
row a = "ZWxhc3RpYw=="
| eval d = from_base64(a)
\`\`\`
@ -890,7 +890,7 @@ export const functions = {
Returns the maximum value from multiple columns. This is similar to \`MV_MAX\`
except it is intended to run on multiple columns at once.
\`\`\`
\`\`\` esql
ROW a = 10, b = 20
| EVAL g = GREATEST(a, b)
\`\`\`
@ -923,7 +923,7 @@ export const functions = {
### HASH
Computes the hash of the input using various algorithms such as MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512.
\`\`\`
\`\`\` esql
FROM sample_data
| WHERE message != "Connection error"
| EVAL md5 = hash("md5", message), sha256 = hash("sha256", message)
@ -959,7 +959,7 @@ export const functions = {
Returns the hypotenuse of two numbers. The input can be any numeric values, the return value is always a double.
Hypotenuses of infinities are null.
\`\`\`
\`\`\` esql
ROW a = 3.0, b = 4.0
| EVAL c = HYPOT(a, b)
\`\`\`
@ -993,7 +993,7 @@ export const functions = {
### IP_PREFIX
Truncates an IP to a given prefix length.
\`\`\`
\`\`\` esql
row ip4 = to_ip("1.2.3.4"), ip6 = to_ip("fe80::cae2:65ff:fece:feb9")
| eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);
\`\`\`
@ -1025,7 +1025,7 @@ export const functions = {
### KQL
Performs a KQL query. Returns true if the provided KQL query string matches the row.
\`\`\`
\`\`\` esql
FROM books
| WHERE KQL("author: Faulkner")
| KEEP book_no, author
@ -1061,7 +1061,7 @@ export const functions = {
### LEAST
Returns the minimum value from multiple columns. This is similar to \`MV_MIN\` except it is intended to run on multiple columns at once.
\`\`\`
\`\`\` esql
ROW a = 10, b = 20
| EVAL l = LEAST(a, b)
\`\`\`
@ -1093,7 +1093,7 @@ export const functions = {
### LEFT
Returns the substring that extracts *length* chars from *string* starting from the left.
\`\`\`
\`\`\` esql
FROM employees
| KEEP last_name
| EVAL left = LEFT(last_name, 3)
@ -1129,7 +1129,7 @@ export const functions = {
### LENGTH
Returns the character length of a string.
\`\`\`
\`\`\` esql
FROM airports
| WHERE country == "India"
| KEEP city
@ -1168,7 +1168,7 @@ export const functions = {
Returns \`0\` if the substring cannot be found.
Note that string positions start from \`1\`.
\`\`\`
\`\`\` esql
row a = "hello"
| eval a_ll = locate(a, "ll")
\`\`\`
@ -1202,7 +1202,7 @@ export const functions = {
Logs of zero, negative numbers, and base of one return \`null\` as well as a warning.
\`\`\`
\`\`\` esql
ROW base = 2.0, value = 8.0
| EVAL s = LOG(base, value)
\`\`\`
@ -1237,7 +1237,7 @@ export const functions = {
Logs of 0 and negative numbers return \`null\` as well as a warning.
\`\`\`
\`\`\` esql
ROW d = 1000.0
| EVAL s = LOG10(d)
\`\`\`
@ -1271,7 +1271,7 @@ export const functions = {
### LTRIM
Removes leading whitespaces from a string.
\`\`\`
\`\`\` esql
ROW message = " some text ", color = " red "
| EVAL message = LTRIM(message)
| EVAL color = LTRIM(color)
@ -1319,7 +1319,7 @@ export const functions = {
\`MATCH\` returns true if the provided query matches the row.
\`\`\`
\`\`\` esql
FROM books
| WHERE MATCH(author, "Faulkner")
| KEEP book_no, author
@ -1354,7 +1354,7 @@ export const functions = {
### MD5
Computes the MD5 hash of the input.
\`\`\`
\`\`\` esql
FROM sample_data
| WHERE message != "Connection error"
| EVAL md5 = md5(message)
@ -1419,7 +1419,7 @@ export const functions = {
### MV_AVG
Converts a multivalued field into a single valued field containing the average of all of the values.
\`\`\`
\`\`\` esql
ROW a=[3, 5, 1, 6]
| EVAL avg_a = MV_AVG(a)
\`\`\`
@ -1453,7 +1453,7 @@ export const functions = {
### MV_CONCAT
Converts a multivalued string expression into a single valued column containing the concatenation of all values separated by a delimiter.
\`\`\`
\`\`\` esql
ROW a=["foo", "zoo", "bar"]
| EVAL j = MV_CONCAT(a, ", ")
\`\`\`
@ -1487,7 +1487,7 @@ export const functions = {
### MV_COUNT
Converts a multivalued expression into a single valued column containing a count of the number of values.
\`\`\`
\`\`\` esql
ROW a=["foo", "zoo", "bar"]
| EVAL count_a = MV_COUNT(a)
\`\`\`
@ -1521,7 +1521,7 @@ export const functions = {
### MV_DEDUPE
Remove duplicate values from a multivalued field.
\`\`\`
\`\`\` esql
ROW a=["foo", "foo", "bar", "foo"]
| EVAL dedupe_a = MV_DEDUPE(a)
\`\`\`
@ -1558,7 +1558,7 @@ export const functions = {
first value. This is most useful when reading from a function that emits
multivalued columns in a known order like \`SPLIT\`.
\`\`\`
\`\`\` esql
ROW a="foo;bar;baz"
| EVAL first_a = MV_FIRST(SPLIT(a, ";"))
\`\`\`
@ -1594,7 +1594,7 @@ export const functions = {
value. This is most useful when reading from a function that emits multivalued
columns in a known order like \`SPLIT\`.
\`\`\`
\`\`\` esql
ROW a="foo;bar;baz"
| EVAL last_a = MV_LAST(SPLIT(a, ";"))
\`\`\`
@ -1628,7 +1628,7 @@ export const functions = {
### MV_MAX
Converts a multivalued expression into a single valued column containing the maximum value.
\`\`\`
\`\`\` esql
ROW a=[3, 5, 1]
| EVAL max_a = MV_MAX(a)
\`\`\`
@ -1662,7 +1662,7 @@ export const functions = {
### MV_MEDIAN
Converts a multivalued field into a single valued field containing the median value.
\`\`\`
\`\`\` esql
ROW a=[3, 5, 1]
| EVAL median_a = MV_MEDIAN(a)
\`\`\`
@ -1701,7 +1701,7 @@ export const functions = {
It is calculated as the median of each data points deviation from the median of the entire sample. That is, for a random variable \`X\`, the median absolute deviation is \`median(|median(X) - X|)\`.
\`\`\`
\`\`\` esql
ROW values = [0, 2, 5, 6]
| EVAL median_absolute_deviation = MV_MEDIAN_ABSOLUTE_DEVIATION(values), median = MV_MEDIAN(values)
\`\`\`
@ -1736,7 +1736,7 @@ export const functions = {
### MV_MIN
Converts a multivalued expression into a single valued column containing the minimum value.
\`\`\`
\`\`\` esql
ROW a=[2, 1]
| EVAL min_a = MV_MIN(a)
\`\`\`
@ -1770,7 +1770,7 @@ export const functions = {
### MV_PERCENTILE
Converts a multivalued field into a single valued field containing the value at which a certain percentage of observed values occur.
\`\`\`
\`\`\` esql
ROW values = [5, 5, 10, 12, 5000]
| EVAL p50 = MV_PERCENTILE(values, 50), median = MV_MEDIAN(values)
\`\`\`
@ -1804,7 +1804,7 @@ export const functions = {
### MV_PSERIES_WEIGHTED_SUM
Converts a multivalued expression into a single-valued column by multiplying every element on the input list by its corresponding term in P-Series and computing the sum.
\`\`\`
\`\`\` esql
ROW a = [70.0, 45.0, 21.0, 21.0, 21.0]
| EVAL sum = MV_PSERIES_WEIGHTED_SUM(a, 1.5)
| KEEP sum
@ -1841,7 +1841,7 @@ export const functions = {
This is most useful when reading from a function that emits multivalued columns
in a known order like \`SPLIT\` or \`MV_SORT\`.
\`\`\`
\`\`\` esql
row a = [1, 2, 2, 3]
| eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)
\`\`\`
@ -1875,7 +1875,7 @@ export const functions = {
### MV_SORT
Sorts a multivalued field in lexicographical order.
\`\`\`
\`\`\` esql
ROW a = [4, 2, -3, 2]
| EVAL sa = mv_sort(a), sd = mv_sort(a, "DESC")
\`\`\`
@ -1909,7 +1909,7 @@ export const functions = {
### MV_SUM
Converts a multivalued field into a single valued field containing the sum of all of the values.
\`\`\`
\`\`\` esql
ROW a=[3, 5, 6]
| EVAL sum_a = MV_SUM(a)
\`\`\`
@ -1943,7 +1943,7 @@ export const functions = {
### MV_ZIP
Combines the values from two multivalued fields with a delimiter that joins them together.
\`\`\`
\`\`\` esql
ROW a = ["x", "y", "z"], b = ["1", "2"]
| EVAL c = mv_zip(a, b, "-")
| KEEP a, b, c
@ -1976,7 +1976,7 @@ export const functions = {
### NOW
Returns current date and time.
\`\`\`
\`\`\` esql
ROW current_date = NOW()
\`\`\`
`,
@ -2006,7 +2006,7 @@ export const functions = {
### PI
Returns Pi, the ratio of a circles circumference to its diameter.
\`\`\`
\`\`\` esql
ROW PI()
\`\`\`
`,
@ -2036,7 +2036,7 @@ export const functions = {
### POW
Returns the value of \`base\` raised to the power of \`exponent\`.
\`\`\`
\`\`\` esql
ROW base = 2.0, exponent = 2
| EVAL result = POW(base, exponent)
\`\`\`
@ -2068,7 +2068,7 @@ export const functions = {
### QSTR
Performs a query string query. Returns true if the provided query string matches the row.
\`\`\`
\`\`\` esql
FROM books
| WHERE QSTR("author: Faulkner")
| KEEP book_no, author
@ -2104,7 +2104,7 @@ export const functions = {
### REPEAT
Returns a string constructed by concatenating \`string\` with itself the specified \`number\` of times.
\`\`\`
\`\`\` esql
ROW a = "Hello!"
| EVAL triple_a = REPEAT(a, 3)
\`\`\`
@ -2139,7 +2139,7 @@ export const functions = {
The function substitutes in the string \`str\` any match of the regular expression \`regex\`
with the replacement string \`newStr\`.
\`\`\`
\`\`\` esql
ROW str = "Hello World"
| EVAL str = REPLACE(str, "World", "Universe")
| KEEP str
@ -2174,7 +2174,7 @@ export const functions = {
### REVERSE
Returns a new string representing the input string in reverse order.
\`\`\`
\`\`\` esql
ROW message = "Some Text" | EVAL message_reversed = REVERSE(message);
\`\`\`
`,
@ -2207,7 +2207,7 @@ export const functions = {
### RIGHT
Return the substring that extracts *length* chars from *str* starting from the right.
\`\`\`
\`\`\` esql
FROM employees
| KEEP last_name
| EVAL right = RIGHT(last_name, 3)
@ -2247,7 +2247,7 @@ export const functions = {
precision is a negative number, rounds to the number of digits left
of the decimal point.
\`\`\`
\`\`\` esql
FROM employees
| KEEP first_name, last_name, height
| EVAL height_ft = ROUND(height * 3.281, 1)
@ -2282,7 +2282,7 @@ export const functions = {
### RTRIM
Removes trailing whitespaces from a string.
\`\`\`
\`\`\` esql
ROW message = " some text ", color = " red "
| EVAL message = RTRIM(message)
| EVAL color = RTRIM(color)
@ -2317,7 +2317,7 @@ export const functions = {
### SHA1
Computes the SHA1 hash of the input.
\`\`\`
\`\`\` esql
FROM sample_data
| WHERE message != "Connection error"
| EVAL sha1 = sha1(message)
@ -2352,7 +2352,7 @@ export const functions = {
### SHA256
Computes the SHA256 hash of the input.
\`\`\`
\`\`\` esql
FROM sample_data
| WHERE message != "Connection error"
| EVAL sha256 = sha256(message)
@ -2389,7 +2389,7 @@ export const functions = {
Returns the sign of the given number.
It returns \`-1\` for negative numbers, \`0\` for \`0\` and \`1\` for positive numbers.
\`\`\`
\`\`\` esql
ROW d = 100.0
| EVAL s = SIGNUM(d)
\`\`\`
@ -2421,7 +2421,7 @@ export const functions = {
### SIN
Returns the sine of an angle.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL sin=SIN(a)
\`\`\`
@ -2452,7 +2452,7 @@ export const functions = {
### SINH
Returns the hyperbolic sine of a number.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL sinh=SINH(a)
\`\`\`
@ -2485,7 +2485,7 @@ export const functions = {
### SPACE
Returns a string made of \`number\` spaces.
\`\`\`
\`\`\` esql
ROW message = CONCAT("Hello", SPACE(1), "World!");
\`\`\`
`,
@ -2518,7 +2518,7 @@ export const functions = {
### SPLIT
Split a single valued string into multiple strings.
\`\`\`
\`\`\` esql
ROW words="foo;bar;baz;qux;quux;corge"
| EVAL word = SPLIT(words, ";")
\`\`\`
@ -2551,7 +2551,7 @@ export const functions = {
Returns the square root of a number. The input can be any numeric value, the return value is always a double.
Square roots of negative numbers and infinities are null.
\`\`\`
\`\`\` esql
ROW d = 100.0
| EVAL s = SQRT(d)
\`\`\`
@ -2585,7 +2585,7 @@ export const functions = {
Returns whether the first geometry contains the second geometry.
This is the inverse of the \`ST_WITHIN\` function.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE("POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))"))
| KEEP abbrev, airport, region, city, city_location
@ -2622,7 +2622,7 @@ export const functions = {
This is the inverse of the \`ST_INTERSECTS\` function.
In mathematical terms: ST_Disjoint(A, B) A B =
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE("POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))"))
| KEEP abbrev, airport, region, city, city_location
@ -2659,7 +2659,7 @@ export const functions = {
For cartesian geometries, this is the pythagorean distance in the same units as the original coordinates.
For geographic geometries, this is the circular distance along the great circle in meters.
\`\`\`
\`\`\` esql
FROM airports
| WHERE abbrev == "CPH"
| EVAL distance = ST_DISTANCE(location, city_location)
@ -2695,7 +2695,7 @@ export const functions = {
### ST_ENVELOPE
Determines the minimum bounding box of the supplied geometry.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE abbrev == "CPH"
| EVAL envelope = ST_ENVELOPE(city_boundary)
@ -2735,7 +2735,7 @@ export const functions = {
This is the inverse of the \`ST_DISJOINT\` function.
In mathematical terms: ST_Intersects(A, B) A B
\`\`\`
\`\`\` esql
FROM airports
| WHERE ST_INTERSECTS(location, TO_GEOSHAPE("POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))"))
\`\`\`
@ -2770,7 +2770,7 @@ export const functions = {
Returns whether the first geometry is within the second geometry.
This is the inverse of the \`ST_CONTAINS\` function.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE("POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))"))
| KEEP abbrev, airport, region, city, city_location
@ -2804,7 +2804,7 @@ export const functions = {
Extracts the \`x\` coordinate from the supplied point.
If the points is of type \`geo_point\` this is equivalent to extracting the \`longitude\` value.
\`\`\`
\`\`\` esql
ROW point = TO_GEOPOINT("POINT(42.97109629958868 14.7552534006536)")
| EVAL x = ST_X(point), y = ST_Y(point)
\`\`\`
@ -2838,7 +2838,7 @@ export const functions = {
Extracts the maximum value of the \`x\` coordinates from the supplied geometry.
If the geometry is of type \`geo_point\` or \`geo_shape\` this is equivalent to extracting the maximum \`longitude\` value.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE abbrev == "CPH"
| EVAL envelope = ST_ENVELOPE(city_boundary)
@ -2876,7 +2876,7 @@ export const functions = {
Extracts the minimum value of the \`x\` coordinates from the supplied geometry.
If the geometry is of type \`geo_point\` or \`geo_shape\` this is equivalent to extracting the minimum \`longitude\` value.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE abbrev == "CPH"
| EVAL envelope = ST_ENVELOPE(city_boundary)
@ -2912,7 +2912,7 @@ export const functions = {
Extracts the \`y\` coordinate from the supplied point.
If the points is of type \`geo_point\` this is equivalent to extracting the \`latitude\` value.
\`\`\`
\`\`\` esql
ROW point = TO_GEOPOINT("POINT(42.97109629958868 14.7552534006536)")
| EVAL x = ST_X(point), y = ST_Y(point)
\`\`\`
@ -2946,7 +2946,7 @@ export const functions = {
Extracts the maximum value of the \`y\` coordinates from the supplied geometry.
If the geometry is of type \`geo_point\` or \`geo_shape\` this is equivalent to extracting the maximum \`latitude\` value.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE abbrev == "CPH"
| EVAL envelope = ST_ENVELOPE(city_boundary)
@ -2984,7 +2984,7 @@ export const functions = {
Extracts the minimum value of the \`y\` coordinates from the supplied geometry.
If the geometry is of type \`geo_point\` or \`geo_shape\` this is equivalent to extracting the minimum \`latitude\` value.
\`\`\`
\`\`\` esql
FROM airport_city_boundaries
| WHERE abbrev == "CPH"
| EVAL envelope = ST_ENVELOPE(city_boundary)
@ -3021,7 +3021,7 @@ export const functions = {
### STARTS_WITH
Returns a boolean that indicates whether a keyword string starts with another string.
\`\`\`
\`\`\` esql
FROM employees
| KEEP last_name
| EVAL ln_S = STARTS_WITH(last_name, "B")
@ -3056,7 +3056,7 @@ export const functions = {
### SUBSTRING
Returns a substring of a string, specified by a start position and an optional length.
\`\`\`
\`\`\` esql
FROM employees
| KEEP last_name
| EVAL ln_sub = SUBSTRING(last_name, 1, 3)
@ -3089,7 +3089,7 @@ export const functions = {
### TAN
Returns the tangent of an angle.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL tan=TAN(a)
\`\`\`
@ -3120,7 +3120,7 @@ export const functions = {
### TANH
Returns the hyperbolic tangent of a number.
\`\`\`
\`\`\` esql
ROW a=1.8
| EVAL tanh=TANH(a)
\`\`\`
@ -3151,7 +3151,7 @@ export const functions = {
### TAU
Returns the [ratio](https://tauday.com/tau-manifesto) of a circles circumference to its radius.
\`\`\`
\`\`\` esql
ROW TAU()
\`\`\`
`,
@ -3213,7 +3213,7 @@ export const functions = {
### TO_BASE64
Encode a string to a base64 string.
\`\`\`
\`\`\` esql
row a = "elastic"
| eval e = to_base64(a)
\`\`\`
@ -3250,7 +3250,7 @@ export const functions = {
For anything else, including the empty string, the function will return \`false\`.
The numerical value of \`0\` will be converted to \`false\`, anything else will be converted to \`true\`.
\`\`\`
\`\`\` esql
ROW str = ["true", "TRuE", "false", "", "yes", "1"]
| EVAL bool = TO_BOOLEAN(str)
\`\`\`
@ -3285,7 +3285,7 @@ export const functions = {
Converts an input value to a \`cartesian_point\` value.
A string will only be successfully converted if it respects WKT Point format.
\`\`\`
\`\`\` esql
ROW wkt = ["POINT(4297.11 -1475.53)", "POINT(7580.93 2272.77)"]
| MV_EXPAND wkt
| EVAL pt = TO_CARTESIANPOINT(wkt)
@ -3321,7 +3321,7 @@ export const functions = {
Converts an input value to a \`cartesian_shape\` value.
A string will only be successfully converted if it respects WKT format.
\`\`\`
\`\`\` esql
ROW wkt = ["POINT(4297.11 -1475.53)", "POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))"]
| MV_EXPAND wkt
| EVAL geom = TO_CARTESIANSHAPE(wkt)
@ -3387,7 +3387,7 @@ export const functions = {
### TO_DATEPERIOD
Converts an input value into a \`date_period\` value.
\`\`\`
\`\`\` esql
row x = "2024-01-01"::datetime | eval y = x + "3 DAYS"::date_period, z = x - to_dateperiod("3 days");
\`\`\`
`,
@ -3422,7 +3422,7 @@ export const functions = {
A string will only be successfully converted if its respecting the format \`yyyy-MM-dd'T'HH:mm:ss.SSS'Z'\`.
To convert dates in other formats, use \`DATE_PARSE\`.
\`\`\`
\`\`\` esql
ROW string = ["1953-09-02T00:00:00.000Z", "1964-06-02T00:00:00.000Z", "1964-06-02 00:00:00"]
| EVAL datetime = TO_DATETIME(string)
\`\`\`
@ -3457,7 +3457,7 @@ export const functions = {
### TO_DEGREES
Converts a number in radians to degrees.
\`\`\`
\`\`\` esql
ROW rad = [1.57, 3.14, 4.71]
| EVAL deg = TO_DEGREES(rad)
\`\`\`
@ -3493,7 +3493,7 @@ export const functions = {
its value will be interpreted as milliseconds since the Unix epoch,
converted to double. Boolean \`true\` will be converted to double \`1.0\`, \`false\` to \`0.0\`.
\`\`\`
\`\`\` esql
ROW str1 = "5.20128E11", str2 = "foo"
| EVAL dbl = TO_DOUBLE("520128000000"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)
\`\`\`
@ -3528,7 +3528,7 @@ export const functions = {
Converts an input value to a \`geo_point\` value.
A string will only be successfully converted if it respects WKT Point format.
\`\`\`
\`\`\` esql
ROW wkt = "POINT(42.97109630194 14.7552534413725)"
| EVAL pt = TO_GEOPOINT(wkt)
\`\`\`
@ -3563,7 +3563,7 @@ export const functions = {
Converts an input value to a \`geo_shape\` value.
A string will only be successfully converted if it respects WKT format.
\`\`\`
\`\`\` esql
ROW wkt = "POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))"
| EVAL geom = TO_GEOSHAPE(wkt)
\`\`\`
@ -3600,7 +3600,7 @@ export const functions = {
since the Unix epoch, converted to integer.
Boolean \`true\` will be converted to integer \`1\`, \`false\` to \`0\`.
\`\`\`
\`\`\` esql
ROW long = [5013792, 2147483647, 501379200000]
| EVAL int = TO_INTEGER(long)
\`\`\`
@ -3634,7 +3634,7 @@ export const functions = {
### TO_IP
Converts an input string to an IP value.
\`\`\`
\`\`\` esql
ROW str1 = "1.1.1.1", str2 = "foo"
| EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)
| WHERE CIDR_MATCH(ip1, "1.0.0.0/8")
@ -3671,7 +3671,7 @@ export const functions = {
its value will be interpreted as milliseconds since the Unix epoch, converted to long.
Boolean \`true\` will be converted to long \`1\`, \`false\` to \`0\`.
\`\`\`
\`\`\` esql
ROW str1 = "2147483648", str2 = "2147483648.2", str3 = "foo"
| EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)
\`\`\`
@ -3705,7 +3705,7 @@ export const functions = {
### TO_LOWER
Returns a new string representing the input string converted to lower case.
\`\`\`
\`\`\` esql
ROW message = "Some Text"
| EVAL message_lower = TO_LOWER(message)
\`\`\`
@ -3739,7 +3739,7 @@ export const functions = {
### TO_RADIANS
Converts a number in degrees to radians.
\`\`\`
\`\`\` esql
ROW deg = [90.0, 180.0, 270.0]
| EVAL rad = TO_RADIANS(deg)
\`\`\`
@ -3773,7 +3773,7 @@ export const functions = {
### TO_STRING
Converts an input value into a string.
\`\`\`
\`\`\` esql
ROW a=10
| EVAL j = TO_STRING(a)
\`\`\`
@ -3807,7 +3807,7 @@ export const functions = {
### TO_TIMEDURATION
Converts an input value into a \`time_duration\` value.
\`\`\`
\`\`\` esql
row x = "2024-01-01"::datetime | eval y = x + "3 hours"::time_duration, z = x - to_timeduration("3 hours");
\`\`\`
`,
@ -3842,7 +3842,7 @@ export const functions = {
its value will be interpreted as milliseconds since the Unix epoch, converted to unsigned long.
Boolean \`true\` will be converted to unsigned long \`1\`, \`false\` to \`0\`.
\`\`\`
\`\`\` esql
ROW str1 = "2147483648", str2 = "2147483648.2", str3 = "foo"
| EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)
\`\`\`
@ -3876,7 +3876,7 @@ export const functions = {
### TO_UPPER
Returns a new string representing the input string converted to upper case.
\`\`\`
\`\`\` esql
ROW message = "Some Text"
| EVAL message_upper = TO_UPPER(message)
\`\`\`
@ -3910,7 +3910,7 @@ export const functions = {
### TO_VERSION
Converts an input string to a version value.
\`\`\`
\`\`\` esql
ROW v = TO_VERSION("1.2.3")
\`\`\`
`,
@ -3941,7 +3941,7 @@ export const functions = {
### TRIM
Removes leading and trailing whitespaces from a string.
\`\`\`
\`\`\` esql
ROW message = " some text ", color = " red "
| EVAL message = TRIM(message)
| EVAL color = TRIM(color)