Skip to content

ES|QL: Add TRANGE ES|QL function #136441

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

ES|QL: Add TRANGE ES|QL function #136441

wants to merge 5 commits into from
+1,280 −4

Conversation

leontyevdv
Copy link
Contributor

Add a new ES|QL function that filters @timestamp values for the given time range.

TRANGE(<start time>, <end time>)
TRANGE(<time interval>)

Filters @timestamp values for the given time range. The first version implicitly uses now() as end time, giving an interval for the last hour or day, while the second one can consume regular DateTime specs or negative intervals:

TRANGE(1h) is equivalent to @timestamp >= now() - 1 hour

TRANGE(-3h, -2h) is equivalent to @timestamp >= now() - 3 hour AND @timestamp < now() - 2h

TRANGE(2024-05-12T12:00:00, 2024-05-12T15:30:00) is equivalent to @timestamp >= DATE_PARSE(2024-05-12T12:00:00) AND @timestamp < DATE_PARSE(2024-05-12T15:30:00)

TRANGE(1715504400000, 1715517000000) is equivalent to the above, using ms since Epoch instead of text-formatted dates.

Closes #135599

@leontyevdv
ES|QL: Add TRANGE ES|QL function
b89f498 
Add a new ES|QL function that filters @timestamp values for the given
time range.

Closes elastic#135599
@leontyevdv leontyevdv requested a review from dnhatn October 11, 2025 00:02
@leontyevdv leontyevdv self-assigned this Oct 11, 2025
@leontyevdv leontyevdv added >enhancement Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) :StorageEngine/TSDB You know, for Metrics :Analytics/ES|QL AKA ESQL Team:StorageEngine :StorageEngine/ES|QL Timeseries / metrics / logsdb capabilities in ES|QL labels Oct 11, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-analytical-engine (Team:Analytics)

@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-storage-engine (Team:StorageEngine)

@elasticsearchmachine
Copy link
Collaborator

Hi @leontyevdv, I've created a changelog YAML for you.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 11, 2025
edited
Loading

🔍 Preview links for changed docs

@github-actions GitHub Actions
Copy link
Contributor

ℹ️ Important: Docs version tagging

👋 Thanks for updating the docs! Just a friendly reminder that our docs are now cumulative. This means all 9.x versions are documented on the same page and published off of the main branch, instead of creating separate pages for each minor version.

We use applies_to tags to mark version-specific features and changes.

Expand for a quick overview

When to use applies_to tags:

✅ At the page level to indicate which products/deployments the content applies to (mandatory)
✅ When features change state (e.g. preview, ga) in a specific version
✅ When availability differs across deployments and environments

What NOT to do:

❌ Don't remove or replace information that applies to an older version
❌ Don't add new information that applies to a specific version without an applies_to tag
❌ Don't forget that applies_to tags can be used at the page, section, and inline level

🤔 Need help?

@leontyevdv leontyevdv requested a review from a team October 11, 2025 00:10
@leontyevdv
ES|QL: Add TRANGE ES|QL function
063f72b 
Add a new ES|QL function that filters @timestamp values for the given
time range.

Closes elastic#135599
@dnhatn
Copy link
Member

dnhatn commented Oct 12, 2025

Thank you, Dima! Is there a reason we don't translate TRANGE to GreaterThanEquals() or BinaryLogicOperation(GreaterThanEquals, LessThanOrEquals)?

@leontyevdv
Copy link
Contributor Author

Thank you, Dima! Is there a reason we don't translate TRANGE to GreaterThanEquals() or BinaryLogicOperation(GreaterThanEquals, LessThanOrEquals)?

Hi @dnhatn ! Thank you for the review! Initially, I implemented TRANGE as a surrogate and struggled with the tests for quite a while. The issue was with the assertion ("Duplicate name ids are not allowed in layouts"): see Layout. Then, inspired by the StartsWith function, I rewrote it using TranslationAware.SingleValueTranslationAware directly.

I have the surrogate version in my stash. We can take a look at it together. Wdyt?

@leontyevdv
ES|QL: Add TRANGE ES|QL function
e42b1ca 
Fix tests.

Closes elastic#135599
@leontyevdv
Merge branch 'main' into feature/esql-trange-function
f4c694f 
# Conflicts:
#	x-pack/plugin/esql/qa/testFixtures/src/main/resources/k8s-timeseries-rate.csv-spec
#	x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/action/EsqlCapabilities.java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dnhatn dnhatn Awaiting requested review from dnhatn

At least 1 approving review is required to merge this pull request.

Assignees

@leontyevdv leontyevdv

Labels

:Analytics/ES|QL AKA ESQL >enhancement :StorageEngine/ES|QL Timeseries / metrics / logsdb capabilities in ES|QL :StorageEngine/TSDB You know, for Metrics Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) Team:StorageEngine v9.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ES|QL: Add TRANGE function

3 participants

@leontyevdv @elasticsearchmachine @dnhatn