diff --git a/api_docs/kbn_elastic_assistant_common.devdocs.json b/api_docs/kbn_elastic_assistant_common.devdocs.json index 1975106aea7fb..769fca821f432 100644 --- a/api_docs/kbn_elastic_assistant_common.devdocs.json +++ b/api_docs/kbn_elastic_assistant_common.devdocs.json @@ -3413,7 +3413,7 @@ "label": "ReadKnowledgeBaseResponse", "description": [], "signature": [ - "{ elser_exists?: boolean | undefined; esql_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; }" + "{ elser_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; security_labs_exists?: boolean | undefined; }" ], "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts", "deprecated": false, @@ -5692,7 +5692,7 @@ "label": "ReadKnowledgeBaseResponse", "description": [], "signature": [ - "Zod.ZodObject<{ elser_exists: Zod.ZodOptional; esql_exists: Zod.ZodOptional; index_exists: Zod.ZodOptional; is_setup_available: Zod.ZodOptional; is_setup_in_progress: Zod.ZodOptional; pipeline_exists: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { elser_exists?: boolean | undefined; esql_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; }, { elser_exists?: boolean | undefined; esql_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; }>" + "Zod.ZodObject<{ elser_exists: Zod.ZodOptional; index_exists: Zod.ZodOptional; is_setup_available: Zod.ZodOptional; is_setup_in_progress: Zod.ZodOptional; pipeline_exists: Zod.ZodOptional; security_labs_exists: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { elser_exists?: boolean | undefined; esql_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; security_labs_exists?: boolean | undefined; }, { elser_exists?: boolean | undefined; esql_exists?: boolean | undefined; index_exists?: boolean | undefined; is_setup_available?: boolean | undefined; is_setup_in_progress?: boolean | undefined; pipeline_exists?: boolean | undefined; security_labs_exists?: boolean | undefined; }>" ], "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts", "deprecated": false, diff --git a/api_docs/security_solution.devdocs.json b/api_docs/security_solution.devdocs.json index 7364ea24cc677..abda59e44f66d 100644 --- a/api_docs/security_solution.devdocs.json +++ b/api_docs/security_solution.devdocs.json @@ -485,7 +485,7 @@ "\nExperimental flag needed to enable the link" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"loggingRequestsEnabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, @@ -565,7 +565,7 @@ "\nExperimental flag needed to disable the link. Opposite of experimentalKey" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"loggingRequestsEnabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, @@ -1931,7 +1931,7 @@ "label": "experimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/public/types.ts", "deprecated": false, @@ -3082,7 +3082,7 @@ "\nThe security solution generic experimental features" ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/server/plugin_contract.ts", "deprecated": false, @@ -3258,7 +3258,7 @@ "label": "ExperimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, @@ -3324,7 +3324,7 @@ "\nA list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.\nThis object is then used to validate and parse the value entered." ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly securitySolutionNotesEnabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; }" + "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly endpointManagementSpaceAwarenessEnabled: false; readonly securitySolutionNotesEnabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly loggingRequestsEnabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly responseActionsTelemetryEnabled: false; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; readonly entityStoreEnabled: false; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts index 4eb41f0c1f136..fd599f5798cdc 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts @@ -76,7 +76,6 @@ export type ReadKnowledgeBaseRequestParamsInput = z.input; export const ReadKnowledgeBaseResponse = z.object({ elser_exists: z.boolean().optional(), - esql_exists: z.boolean().optional(), index_exists: z.boolean().optional(), is_setup_available: z.boolean().optional(), is_setup_in_progress: z.boolean().optional(), diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml index 07d271e860756..a61e98602ab40 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml @@ -68,8 +68,6 @@ paths: properties: elser_exists: type: boolean - esql_exists: - type: boolean index_exists: type: boolean is_setup_available: diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.test.tsx index aaad50afacd91..80ce3d27d8dcb 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.test.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.test.tsx @@ -32,7 +32,6 @@ jest.mock('@tanstack/react-query', () => ({ const statusResponse = { elser_exists: true, - esql_exists: true, index_exists: true, pipeline_exists: true, }; diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.tsx index 7f248e1c4c260..ba6317329d350 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_knowledge_base_status.tsx @@ -78,21 +78,3 @@ export const useInvalidateKnowledgeBaseStatus = () => { }); }, [queryClient]); }; - -/** - * Helper for determining if Knowledge Base setup is complete. - * - * Note: Consider moving to API - * - * @param kbStatus ReadKnowledgeBaseResponse - */ -export const isKnowledgeBaseSetup = (kbStatus: ReadKnowledgeBaseResponse | undefined): boolean => { - return ( - (kbStatus?.elser_exists && - kbStatus?.esql_exists && - kbStatus?.security_labs_exists && - kbStatus?.index_exists && - kbStatus?.pipeline_exists) ?? - false - ); -}; diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/chat_send/use_chat_send.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/chat_send/use_chat_send.tsx index 0fabba65110b4..4ea376518b5a7 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/chat_send/use_chat_send.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/chat_send/use_chat_send.tsx @@ -10,7 +10,6 @@ import { HttpSetup } from '@kbn/core-http-browser'; import { i18n } from '@kbn/i18n'; import { Replacements } from '@kbn/elastic-assistant-common'; import { useKnowledgeBaseStatus } from '../api/knowledge_base/use_knowledge_base_status'; -import { ESQL_RESOURCE } from '../../knowledge_base/setup_knowledge_base_button'; import { DataStreamApis } from '../use_data_stream_apis'; import { NEW_CHAT } from '../conversations/conversation_sidepanel/translations'; import type { ClientMessage } from '../../assistant_context/types'; @@ -58,12 +57,11 @@ export const useChatSend = ({ const { isLoading, sendMessage, abortStream } = useSendMessage(); const { clearConversation, removeLastMessage } = useConversation(); - const { data: kbStatus } = useKnowledgeBaseStatus({ http, resource: ESQL_RESOURCE }); + const { data: kbStatus } = useKnowledgeBaseStatus({ http }); const isSetupComplete = kbStatus?.elser_exists && kbStatus?.index_exists && kbStatus?.pipeline_exists && - kbStatus?.esql_exists && kbStatus?.security_labs_exists; // Handles sending latest user prompt to API diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/const.ts b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/const.ts deleted file mode 100644 index 3cfd0cf3b4205..0000000000000 --- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/const.ts +++ /dev/null @@ -1,9 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -export const ESQL_RESOURCE = 'esql'; -export const KNOWLEDGE_BASE_INDEX_PATTERN_OLD = '.kibana-elastic-ai-assistant-kb'; -export const KNOWLEDGE_BASE_INDEX_PATTERN = '.kibana-elastic-ai-assistant-knowledge-base-(SPACE)'; diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx index 67b48ac9354d7..3d18885902326 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx @@ -69,7 +69,6 @@ jest.mock('../assistant/api/knowledge_base/use_knowledge_base_status', () => ({ return { data: { elser_exists: true, - esql_exists: true, index_exists: true, pipeline_exists: true, }, @@ -83,22 +82,11 @@ describe('Knowledge base settings', () => { beforeEach(() => { jest.clearAllMocks(); }); - it('Shows correct description when esql is installed', () => { - const { getByTestId, queryByTestId } = render( - - - - ); - - expect(getByTestId('esql-installed')).toBeInTheDocument(); - expect(queryByTestId('install-esql')).not.toBeInTheDocument(); - }); it('On enable knowledge base, call setup knowledge base setup', () => { (useKnowledgeBaseStatus as jest.Mock).mockImplementation(() => { return { data: { elser_exists: true, - esql_exists: false, index_exists: false, pipeline_exists: false, is_setup_available: true, @@ -115,14 +103,13 @@ describe('Knowledge base settings', () => { expect(queryByTestId('kb-installed')).not.toBeInTheDocument(); expect(getByTestId('install-kb')).toBeInTheDocument(); fireEvent.click(getByTestId('setupKnowledgeBaseButton')); - expect(mockSetup).toHaveBeenCalledWith('esql'); + expect(mockSetup).toHaveBeenCalled(); }); it('If elser does not exist, do not offer knowledge base', () => { (useKnowledgeBaseStatus as jest.Mock).mockImplementation(() => { return { data: { elser_exists: false, - esql_exists: false, index_exists: false, pipeline_exists: false, }, diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.tsx index 28ce86a3595a0..aa873decdcd87 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.tsx @@ -31,7 +31,6 @@ import { useKnowledgeBaseStatus } from '../assistant/api/knowledge_base/use_know import { useSetupKnowledgeBase } from '../assistant/api/knowledge_base/use_setup_knowledge_base'; import { SETUP_KNOWLEDGE_BASE_BUTTON_TOOLTIP } from './translations'; -const ESQL_RESOURCE = 'esql'; const KNOWLEDGE_BASE_INDEX_PATTERN = '.kibana-elastic-ai-assistant-knowledge-base-(SPACE)'; interface Props { @@ -45,20 +44,14 @@ interface Props { export const KnowledgeBaseSettings: React.FC = React.memo( ({ knowledgeBase, setUpdatedKnowledgeBaseSettings }) => { const { http, toasts } = useAssistantContext(); - const { - data: kbStatus, - isLoading, - isFetching, - } = useKnowledgeBaseStatus({ http, resource: ESQL_RESOURCE }); + const { data: kbStatus, isLoading, isFetching } = useKnowledgeBaseStatus({ http }); const { mutate: setupKB, isLoading: isSettingUpKB } = useSetupKnowledgeBase({ http, toasts }); // Resource enabled state const isElserEnabled = kbStatus?.elser_exists ?? false; - const isESQLEnabled = kbStatus?.esql_exists ?? false; const isSecurityLabsEnabled = kbStatus?.security_labs_exists ?? false; const isKnowledgeBaseSetup = (isElserEnabled && - isESQLEnabled && isSecurityLabsEnabled && kbStatus?.index_exists && kbStatus?.pipeline_exists) ?? @@ -72,12 +65,11 @@ export const KnowledgeBaseSettings: React.FC = React.memo( // Calculated health state for EuiHealth component const elserHealth = isElserEnabled ? 'success' : 'subdued'; const knowledgeBaseHealth = isKnowledgeBaseSetup ? 'success' : 'subdued'; - const esqlHealth = isESQLEnabled ? 'success' : 'subdued'; ////////////////////////////////////////////////////////////////////////////////////////// // Main `Knowledge Base` setup button const onSetupKnowledgeBaseButtonClick = useCallback(() => { - setupKB(ESQL_RESOURCE); + setupKB(); }, [setupKB]); const toolTipContent = !isSetupAvailable ? SETUP_KNOWLEDGE_BASE_BUTTON_TOOLTIP : undefined; @@ -119,16 +111,6 @@ export const KnowledgeBaseSettings: React.FC = React.memo( ); }, [isKnowledgeBaseSetup]); - ////////////////////////////////////////////////////////////////////////////////////////// - // ESQL Resource - const esqlDescription = useMemo(() => { - return isESQLEnabled ? ( - {i18n.ESQL_DESCRIPTION_INSTALLED} - ) : ( - {i18n.ESQL_DESCRIPTION} - ); - }, [isESQLEnabled]); - return ( <> @@ -208,20 +190,6 @@ export const KnowledgeBaseSettings: React.FC = React.memo( - - - {i18n.ESQL_LABEL} - - {esqlDescription} - - - diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/setup_knowledge_base_button.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/setup_knowledge_base_button.tsx index 533f3fe35922c..d697fc7120d01 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/setup_knowledge_base_button.tsx +++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/setup_knowledge_base_button.tsx @@ -13,8 +13,6 @@ import { useAssistantContext } from '../..'; import { useSetupKnowledgeBase } from '../assistant/api/knowledge_base/use_setup_knowledge_base'; import { useKnowledgeBaseStatus } from '../assistant/api/knowledge_base/use_knowledge_base_status'; -export const ESQL_RESOURCE = 'esql'; - interface Props { display?: 'mini'; } @@ -26,7 +24,7 @@ interface Props { export const SetupKnowledgeBaseButton: React.FC = React.memo(({ display }: Props) => { const { http, toasts } = useAssistantContext(); - const { data: kbStatus } = useKnowledgeBaseStatus({ http, resource: ESQL_RESOURCE }); + const { data: kbStatus } = useKnowledgeBaseStatus({ http }); const { mutate: setupKB, isLoading: isSettingUpKB } = useSetupKnowledgeBase({ http, toasts }); const isSetupInProgress = kbStatus?.is_setup_in_progress || isSettingUpKB; @@ -34,11 +32,10 @@ export const SetupKnowledgeBaseButton: React.FC = React.memo(({ display } kbStatus?.elser_exists && kbStatus?.index_exists && kbStatus?.pipeline_exists && - kbStatus?.esql_exists && kbStatus?.security_labs_exists; const onInstallKnowledgeBase = useCallback(() => { - setupKB(ESQL_RESOURCE); + setupKB(); }, [setupKB]); if (isSetupComplete) { diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/docs_from_directory_loader.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/docs_from_directory_loader.ts index 152d8c83987a3..e8cdf4b20dbde 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/docs_from_directory_loader.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/docs_from_directory_loader.ts @@ -8,43 +8,7 @@ import { Document } from 'langchain/document'; /** - * Mock LangChain `Document`s from `knowledge_base/esql/documentation`, loaded from a LangChain `DirectoryLoader` - */ -export const mockEsqlDocsFromDirectoryLoader: Document[] = [ - { - pageContent: - '[[esql-agg-avg]]\n=== `AVG`\nThe average of a numeric field.\n\n[source.merge.styled,esql]\n----\ninclude::{esql-specs}/stats.csv-spec[tag=avg]\n----\n[%header.monospaced.styled,format=dsv,separator=|]\n|===\ninclude::{esql-specs}/stats.csv-spec[tag=avg-result]\n|===\n\nThe result is always a `double` not matter the input type.\n', - metadata: { - source: - '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/aggregation_functions/avg.asciidoc', - }, - }, -]; - -/** - * Mock LangChain `Document`s from `knowledge_base/esql/language_definition`, loaded from a LangChain `DirectoryLoader` - */ -export const mockEsqlLanguageDocsFromDirectoryLoader: Document[] = [ - { - pageContent: - "lexer grammar EsqlBaseLexer;\n\nDISSECT : 'dissect' -> pushMode(EXPRESSION);\nDROP : 'drop' -> pushMode(SOURCE_IDENTIFIERS);\nENRICH : 'enrich' -> pushMode(SOURCE_IDENTIFIERS);\nEVAL : 'eval' -> pushMode(EXPRESSION);\nEXPLAIN : 'explain' -> pushMode(EXPLAIN_MODE);\nFROM : 'from' -> pushMode(SOURCE_IDENTIFIERS);\nGROK : 'grok' -> pushMode(EXPRESSION);\nINLINESTATS : 'inlinestats' -> pushMode(EXPRESSION);\nKEEP : 'keep' -> pushMode(SOURCE_IDENTIFIERS);\nLIMIT : 'limit' -> pushMode(EXPRESSION);\nMV_EXPAND : 'mv_expand' -> pushMode(SOURCE_IDENTIFIERS);\nPROJECT : 'project' -> pushMode(SOURCE_IDENTIFIERS);\nRENAME : 'rename' -> pushMode(SOURCE_IDENTIFIERS);\nROW : 'row' -> pushMode(EXPRESSION);\nSHOW : 'show' -> pushMode(EXPRESSION);\nSORT : 'sort' -> pushMode(EXPRESSION);\nSTATS : 'stats' -> pushMode(EXPRESSION);\nWHERE : 'where' -> pushMode(EXPRESSION);\nUNKNOWN_CMD : ~[ \\r\\n\\t[\\]/]+ -> pushMode(EXPRESSION);\n\nLINE_COMMENT\n : '//' ~[\\r\\n]* '\\r'? '\\n'? -> channel(HIDDEN)\n ;\n\nMULTILINE_COMMENT\n : '/*' (MULTILINE_COMMENT|.)*? '*/' -> channel(HIDDEN)\n ;\n\nWS\n : [ \\r\\n\\t]+ -> channel(HIDDEN)\n ;\n\n\nmode EXPLAIN_MODE;\nEXPLAIN_OPENING_BRACKET : '[' -> type(OPENING_BRACKET), pushMode(DEFAULT_MODE);\nEXPLAIN_PIPE : '|' -> type(PIPE), popMode;\nEXPLAIN_WS : WS -> channel(HIDDEN);\nEXPLAIN_LINE_COMMENT : LINE_COMMENT -> channel(HIDDEN);\nEXPLAIN_MULTILINE_COMMENT : MULTILINE_COMMENT -> channel(HIDDEN);\n\nmode EXPRESSION;\n\nPIPE : '|' -> popMode;\n\nfragment DIGIT\n : [0-9]\n ;\n\nfragment LETTER\n : [A-Za-z]\n ;\n\nfragment ESCAPE_SEQUENCE\n : '\\\\' [tnr\"\\\\]\n ;\n\nfragment UNESCAPED_CHARS\n : ~[\\r\\n\"\\\\]\n ;\n\nfragment EXPONENT\n : [Ee] [+-]? DIGIT+\n ;\n\nSTRING\n : '\"' (ESCAPE_SEQUENCE | UNESCAPED_CHARS)* '\"'\n | '\"\"\"' (~[\\r\\n])*? '\"\"\"' '\"'? '\"'?\n ;\n\nINTEGER_LITERAL\n : DIGIT+\n ;\n\nDECIMAL_LITERAL\n : DIGIT+ DOT DIGIT*\n | DOT DIGIT+\n | DIGIT+ (DOT DIGIT*)? EXPONENT\n | DOT DIGIT+ EXPONENT\n ;\n\nBY : 'by';\n\nAND : 'and';\nASC : 'asc';\nASSIGN : '=';\nCOMMA : ',';\nDESC : 'desc';\nDOT : '.';\nFALSE : 'false';\nFIRST : 'first';\nLAST : 'last';\nLP : '(';\nIN: 'in';\nIS: 'is';\nLIKE: 'like';\nNOT : 'not';\nNULL : 'null';\nNULLS : 'nulls';\nOR : 'or';\nPARAM: '?';\nRLIKE: 'rlike';\nRP : ')';\nTRUE : 'true';\nINFO : 'info';\nFUNCTIONS : 'functions';\n\nEQ : '==';\nNEQ : '!=';\nLT : '<';\nLTE : '<=';\nGT : '>';\nGTE : '>=';\n\nPLUS : '+';\nMINUS : '-';\nASTERISK : '*';\nSLASH : '/';\nPERCENT : '%';\n\n// Brackets are funny. We can happen upon a CLOSING_BRACKET in two ways - one\n// way is to start in an explain command which then shifts us to expression\n// mode. Thus, the two popModes on CLOSING_BRACKET. The other way could as\n// the start of a multivalued field constant. To line up with the double pop\n// the explain mode needs, we double push when we see that.\nOPENING_BRACKET : '[' -> pushMode(EXPRESSION), pushMode(EXPRESSION);\nCLOSING_BRACKET : ']' -> popMode, popMode;\n\n\nUNQUOTED_IDENTIFIER\n : LETTER (LETTER | DIGIT | '_')*\n // only allow @ at beginning of identifier to keep the option to allow @ as infix operator in the future\n // also, single `_` and `@` characters are not valid identifiers\n | ('_' | '@') (LETTER | DIGIT | '_')+\n ;\n\nQUOTED_IDENTIFIER\n : '`' ( ~'`' | '``' )* '`'\n ;\n\nEXPR_LINE_COMMENT\n : LINE_COMMENT -> channel(HIDDEN)\n ;\n\nEXPR_MULTILINE_COMMENT\n : MULTILINE_COMMENT -> channel(HIDDEN)\n ;\n\nEXPR_WS\n : WS -> channel(HIDDEN)\n ;\n\n\n\nmode SOURCE_IDENTIFIERS;\n\nSRC_PIPE : '|' -> type(PIPE), popMode;\nSRC_OPENING_BRACKET : '[' -> type(OPENING_BRACKET), pushMode(SOURCE_IDENTIFIERS), pushMode(SOURCE_IDENTIFIERS);\nSRC_CLOSING_BRACKET : ']' -> popMode, popMode, type(CLOSING_BRACKET);\nSRC_COMMA : ',' -> type(COMMA);\nSRC_ASSIGN : '=' -> type(ASSIGN);\nAS : 'as';\nMETADATA: 'metadata';\nON : 'on';\nWITH : 'with';\n\nSRC_UNQUOTED_IDENTIFIER\n : SRC_UNQUOTED_IDENTIFIER_PART+\n ;\n\nfragment SRC_UNQUOTED_IDENTIFIER_PART\n : ~[=`|,[\\]/ \\t\\r\\n]+\n | '/' ~[*/] // allow single / but not followed by another / or * which would start a comment\n ;\n\nSRC_QUOTED_IDENTIFIER\n : QUOTED_IDENTIFIER\n ;\n\nSRC_LINE_COMMENT\n : LINE_COMMENT -> channel(HIDDEN)\n ;\n\nSRC_MULTILINE_COMMENT\n : MULTILINE_COMMENT -> channel(HIDDEN)\n ;\n\nSRC_WS\n : WS -> channel(HIDDEN)\n ;\n", - metadata: { - source: - '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.g4', - }, - }, - { - pageContent: - "DISSECT=1\nDROP=2\nENRICH=3\nEVAL=4\nEXPLAIN=5\nFROM=6\nGROK=7\nINLINESTATS=8\nKEEP=9\nLIMIT=10\nMV_EXPAND=11\nPROJECT=12\nRENAME=13\nROW=14\nSHOW=15\nSORT=16\nSTATS=17\nWHERE=18\nUNKNOWN_CMD=19\nLINE_COMMENT=20\nMULTILINE_COMMENT=21\nWS=22\nEXPLAIN_WS=23\nEXPLAIN_LINE_COMMENT=24\nEXPLAIN_MULTILINE_COMMENT=25\nPIPE=26\nSTRING=27\nINTEGER_LITERAL=28\nDECIMAL_LITERAL=29\nBY=30\nAND=31\nASC=32\nASSIGN=33\nCOMMA=34\nDESC=35\nDOT=36\nFALSE=37\nFIRST=38\nLAST=39\nLP=40\nIN=41\nIS=42\nLIKE=43\nNOT=44\nNULL=45\nNULLS=46\nOR=47\nPARAM=48\nRLIKE=49\nRP=50\nTRUE=51\nINFO=52\nFUNCTIONS=53\nEQ=54\nNEQ=55\nLT=56\nLTE=57\nGT=58\nGTE=59\nPLUS=60\nMINUS=61\nASTERISK=62\nSLASH=63\nPERCENT=64\nOPENING_BRACKET=65\nCLOSING_BRACKET=66\nUNQUOTED_IDENTIFIER=67\nQUOTED_IDENTIFIER=68\nEXPR_LINE_COMMENT=69\nEXPR_MULTILINE_COMMENT=70\nEXPR_WS=71\nAS=72\nMETADATA=73\nON=74\nWITH=75\nSRC_UNQUOTED_IDENTIFIER=76\nSRC_QUOTED_IDENTIFIER=77\nSRC_LINE_COMMENT=78\nSRC_MULTILINE_COMMENT=79\nSRC_WS=80\nEXPLAIN_PIPE=81\n'dissect'=1\n'drop'=2\n'enrich'=3\n'eval'=4\n'explain'=5\n'from'=6\n'grok'=7\n'inlinestats'=8\n'keep'=9\n'limit'=10\n'mv_expand'=11\n'project'=12\n'rename'=13\n'row'=14\n'show'=15\n'sort'=16\n'stats'=17\n'where'=18\n'by'=30\n'and'=31\n'asc'=32\n'desc'=35\n'.'=36\n'false'=37\n'first'=38\n'last'=39\n'('=40\n'in'=41\n'is'=42\n'like'=43\n'not'=44\n'null'=45\n'nulls'=46\n'or'=47\n'?'=48\n'rlike'=49\n')'=50\n'true'=51\n'info'=52\n'functions'=53\n'=='=54\n'!='=55\n'<'=56\n'<='=57\n'>'=58\n'>='=59\n'+'=60\n'-'=61\n'*'=62\n'/'=63\n'%'=64\n']'=66\n'as'=72\n'metadata'=73\n'on'=74\n'with'=75\n", - metadata: { - source: - '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.tokens', - }, - }, -]; - -/** - * Mock LangChain `Document`s from `knowledge_base/esql/example_queries`, loaded from a LangChain `DirectoryLoader` + * Mock LangChain `Document`s loaded from a LangChain `DirectoryLoader` */ export const mockExampleQueryDocsFromDirectoryLoader: Document[] = [ { diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts index 8d8bf069d779e..1906f59ab4b32 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts @@ -26,7 +26,6 @@ import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWith import { StructuredTool } from '@langchain/core/tools'; import { ElasticsearchClient } from '@kbn/core/server'; import { AIAssistantDataClient, AIAssistantDataClientParams } from '..'; -import { loadESQL } from '../../lib/langchain/content_loaders/esql_loader'; import { AssistantToolParams, GetElser } from '../../types'; import { createKnowledgeBaseEntry, @@ -201,17 +200,14 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient { * * @param options * @param options.soClient SavedObjectsClientContract for installing ELSER so that ML SO's are in sync - * @param options.installEsqlDocs Whether to install ESQL documents as part of setup (e.g. not needed in test env) * * @returns Promise */ public setupKnowledgeBase = async ({ soClient, - installEsqlDocs = true, installSecurityLabsDocs = true, }: { soClient: SavedObjectsClientContract; - installEsqlDocs?: boolean; installSecurityLabsDocs?: boolean; }): Promise => { if (this.options.getIsKBSetupInProgress()) { @@ -255,15 +251,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient { } this.options.logger.debug(`Checking if Knowledge Base docs have been loaded...`); - if (installEsqlDocs) { - const kbDocsLoaded = await this.isESQLDocsLoaded(); - if (!kbDocsLoaded) { - this.options.logger.debug(`Loading KB docs...`); - await loadESQL(this, this.options.logger); - } else { - this.options.logger.debug(`Knowledge Base docs already loaded!`); - } - } if (installSecurityLabsDocs) { const labsDocsLoaded = await this.isSecurityLabsDocsLoaded(); diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_commands.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_commands.asciidoc deleted file mode 100644 index 8b0e99344add1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_commands.asciidoc +++ /dev/null @@ -1,63 +0,0 @@ -[[esql-commands]] -=== {esql} commands - -++++ -Commands -++++ - -// tag::source_commands[] -==== Source commands - -An {esql} source command produces a table, typically with data from {es}. An {esql} query must start with a source command. - -image::images/esql/source-command.svg[A source command producing a table from {es},align="center"] - -{esql} supports these source commands: - -* <> -* <> -* <> - -// end::source_command[] - -// tag::proc_commands[] -==== Processing commands - -{esql} processing commands change an input table by adding, removing, or changing -rows and columns. - -image::images/esql/processing-command.svg[A processing command changing an input table,align="center"] - -{esql} supports these processing commands: - -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> - -// end::proc_command[] - -include::source-commands/from.asciidoc[] -include::source-commands/row.asciidoc[] -include::source-commands/show.asciidoc[] - -include::processing-commands/dissect.asciidoc[] -include::processing-commands/drop.asciidoc[] -include::processing-commands/enrich.asciidoc[] -include::processing-commands/eval.asciidoc[] -include::processing-commands/grok.asciidoc[] -include::processing-commands/keep.asciidoc[] -include::processing-commands/limit.asciidoc[] -include::processing-commands/mv_expand.asciidoc[] -include::processing-commands/rename.asciidoc[] -include::processing-commands/sort.asciidoc[] -include::processing-commands/stats.asciidoc[] -include::processing-commands/where.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_enrich_data.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_enrich_data.asciidoc deleted file mode 100644 index 9708728e6b305..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_enrich_data.asciidoc +++ /dev/null @@ -1,126 +0,0 @@ -[[esql-enrich-data]] -=== Enrich data - -++++ -Enrich data -++++ - -You can use {esql}'s <> processing command to enrich a table with -data from indices in {es}. - -For example, you can use `ENRICH` to: - -* Identify web services or vendors based on known IP addresses -* Add product information to retail orders based on product IDs -* Supplement contact information based on an email address - -[[esql-how-enrich-works]] -==== How the `ENRICH` command works - -The `ENRICH` command adds new columns to a table, with data from {es} indices. -It requires a few special components: - -image::images/esql/esql-enrich.png[align="center"] - -[[esql-enrich-policy]] -Enrich policy:: -+ --- -A set of configuration options used to add the right enrich data to the input -table. - -An enrich policy contains: - -include::../ingest/enrich.asciidoc[tag=enrich-policy-fields] - -After <>, it must be -<> before it can be used. Executing an -enrich policy uses data from the policy's source indices to create a streamlined -system index called the _enrich index_. The `ENRICH` command uses this index to -match and enrich an input table. --- - -[[esql-source-index]] -Source index:: -An index which stores enrich data that the `ENRICH` command can add to input -tables. You can create and manage these indices just like a regular {es} index. -You can use multiple source indices in an enrich policy. You also can use the -same source index in multiple enrich policies. - -[[esql-enrich-index]] -Enrich index:: -+ --- -A special system index tied to a specific enrich policy. - -Directly matching rows from input tables to documents in source indices could be -slow and resource intensive. To speed things up, the `ENRICH` command uses an -enrich index. - -include::../ingest/enrich.asciidoc[tag=enrich-index] --- - -[[esql-set-up-enrich-policy]] -==== Set up an enrich policy - -To start using `ENRICH`, follow these steps: - -. Check the <>. -. <>. -. <>. -. <>. -. <> - -Once you have enrich policies set up, you can <> and <>. - -[IMPORTANT] -==== -The `ENRICH` command performs several operations and may impact the speed of -your query. -==== - -[[esql-enrich-prereqs]] -==== Prerequisites - -include::{es-repo-dir}/ingest/apis/enrich/put-enrich-policy.asciidoc[tag=enrich-policy-api-prereqs] - -[[esql-create-enrich-source-index]] -==== Add enrich data - -include::../ingest/enrich.asciidoc[tag=create-enrich-source-index] - -[[esql-create-enrich-policy]] -==== Create an enrich policy - -include::../ingest/enrich.asciidoc[tag=create-enrich-policy] - -[[esql-execute-enrich-policy]] -==== Execute the enrich policy - -include::../ingest/enrich.asciidoc[tag=execute-enrich-policy1] - -image::images/esql/esql-enrich-policy.png[align="center"] - -include::../ingest/enrich.asciidoc[tag=execute-enrich-policy2] - -[[esql-use-enrich]] -==== Use the enrich policy - -After the policy has been executed, you can use the <> to enrich your data. - -image::images/esql/esql-enrich-command.png[align="center",width=50%] - -include::processing-commands/enrich.asciidoc[tag=examples] - -[[esql-update-enrich-data]] -==== Update an enrich index - -include::{es-repo-dir}/ingest/apis/enrich/execute-enrich-policy.asciidoc[tag=update-enrich-index] - -[[esql-update-enrich-policies]] -==== Update an enrich policy - -include::../ingest/enrich.asciidoc[tag=update-enrich-policy] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions.asciidoc deleted file mode 100644 index b921719fc097b..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions.asciidoc +++ /dev/null @@ -1,140 +0,0 @@ -[[esql-functions]] -== {esql} functions - -++++ -Functions -++++ - -<>, <> and <> support -these functions: - -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> - -include::functions/abs.asciidoc[] -include::functions/acos.asciidoc[] -include::functions/asin.asciidoc[] -include::functions/atan.asciidoc[] -include::functions/atan2.asciidoc[] -include::functions/auto_bucket.asciidoc[] -include::functions/case.asciidoc[] -include::functions/ceil.asciidoc[] -include::functions/cidr_match.asciidoc[] -include::functions/coalesce.asciidoc[] -include::functions/concat.asciidoc[] -include::functions/cos.asciidoc[] -include::functions/cosh.asciidoc[] -include::functions/date_extract.asciidoc[] -include::functions/date_format.asciidoc[] -include::functions/date_parse.asciidoc[] -include::functions/date_trunc.asciidoc[] -include::functions/e.asciidoc[] -include::functions/ends_with.asciidoc[] -include::functions/floor.asciidoc[] -include::functions/greatest.asciidoc[] -include::functions/is_finite.asciidoc[] -include::functions/is_infinite.asciidoc[] -include::functions/is_nan.asciidoc[] -include::functions/least.asciidoc[] -include::functions/left.asciidoc[] -include::functions/length.asciidoc[] -include::functions/log10.asciidoc[] -include::functions/ltrim.asciidoc[] -include::functions/mv_avg.asciidoc[] -include::functions/mv_concat.asciidoc[] -include::functions/mv_count.asciidoc[] -include::functions/mv_dedupe.asciidoc[] -include::functions/mv_max.asciidoc[] -include::functions/mv_median.asciidoc[] -include::functions/mv_min.asciidoc[] -include::functions/mv_sum.asciidoc[] -include::functions/now.asciidoc[] -include::functions/pi.asciidoc[] -include::functions/pow.asciidoc[] -include::functions/replace.asciidoc[] -include::functions/right.asciidoc[] -include::functions/round.asciidoc[] -include::functions/rtrim.asciidoc[] -include::functions/sin.asciidoc[] -include::functions/sinh.asciidoc[] -include::functions/split.asciidoc[] -include::functions/sqrt.asciidoc[] -include::functions/starts_with.asciidoc[] -include::functions/substring.asciidoc[] -include::functions/tan.asciidoc[] -include::functions/tanh.asciidoc[] -include::functions/tau.asciidoc[] -include::functions/to_boolean.asciidoc[] -include::functions/to_datetime.asciidoc[] -include::functions/to_degrees.asciidoc[] -include::functions/to_double.asciidoc[] -include::functions/to_integer.asciidoc[] -include::functions/to_ip.asciidoc[] -include::functions/to_long.asciidoc[] -include::functions/to_radians.asciidoc[] -include::functions/to_string.asciidoc[] -include::functions/to_unsigned_long.asciidoc[] -include::functions/to_version.asciidoc[] -include::functions/trim.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions_operators.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions_operators.asciidoc deleted file mode 100644 index 375bb4ee9dd00..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_functions_operators.asciidoc +++ /dev/null @@ -1,43 +0,0 @@ -[[esql-functions-operators]] -=== {esql} functions and operators - -++++ -Functions and operators -++++ - -{esql} provides a comprehensive set of functions and operators for working with data. -The functions are divided into the following categories: - -[[esql-functions]] -<>:: -include::functions/aggregation-functions.asciidoc[tag=agg_list] - -<>:: -include::functions/math-functions.asciidoc[tag=math_list] - -<>:: -include::functions/string-functions.asciidoc[tag=string_list] - -<>:: -include::functions/date-time-functions.asciidoc[tag=date_list] - -<>:: -include::functions/type-conversion-functions.asciidoc[tag=type_list] - -<>:: -include::functions/conditional-functions-and-expressions.asciidoc[tag=cond_list] - -<>:: -include::functions/mv-functions.asciidoc[tag=mv_list] - -<>:: -include::functions/operators.asciidoc[tag=op_list] - -include::functions/aggregation-functions.asciidoc[] -include::functions/math-functions.asciidoc[] -include::functions/string-functions.asciidoc[] -include::functions/date-time-functions.asciidoc[] -include::functions/type-conversion-functions.asciidoc[] -include::functions/conditional-functions-and-expressions.asciidoc[] -include::functions/mv-functions.asciidoc[] -include::functions/operators.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_get_started.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_get_started.asciidoc deleted file mode 100644 index 1f3cdf85c173e..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_get_started.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[[esql-getting-started]] -== Getting started with {esql} - -++++ -Getting started -++++ - -coming::[8.11] \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_kibana.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_kibana.asciidoc deleted file mode 100644 index 534cba22ed1a1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_kibana.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[[esql-kibana]] -== Using {esql} in {kib} - -++++ -Kibana -++++ - - -Use {esql} in Discover to explore a data set. From the data view dropdown, -select *Try {esql}* to get started. - -NOTE: {esql} queries in Discover and Lens are subject to the time range selected -with the time filter. - - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_language.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_language.asciidoc deleted file mode 100644 index 2becd04cec948..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_language.asciidoc +++ /dev/null @@ -1,23 +0,0 @@ -[[esql-language]] -== Working with the {esql} language - -++++ -Working with the {esql} language -++++ - -Detailed information about the {esql} language: - -* <> -* <> -* <> -* <> -* <> -* <> - -include::esql-syntax.asciidoc[] -include::esql-commands.asciidoc[] -include::esql-functions-operators.asciidoc[] -include::multivalued-fields.asciidoc[] -include::metadata-fields.asciidoc[] -include::esql-enrich-data.asciidoc[] - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_limitations.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_limitations.asciidoc deleted file mode 100644 index f39ff73744276..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_limitations.asciidoc +++ /dev/null @@ -1,32 +0,0 @@ -[[esql-limitations]] -== {esql} limitations - -++++ -Limitations -++++ - -[discrete] -[[esql-supported-types]] -=== Supported types - -* {esql} currently supports the following <>: - -** `alias` -** `boolean` -** `date` -** `double` (`float`, `half_float`, `scaled_float` are represented as `double`) -** `ip` -** `keyword` family including `keyword`, `constant_keyword`, and `wildcard` -** `int` (`short` and `byte` are represented as `int`) -** `long` -** `null` -** `text` -** `unsigned_long` -** `version` - -[discrete] -[[esql-max-rows]] -=== 10,000 row maximum - -A single query will not return more than 10,000 rows, regardless of the -`LIMIT` command's value. \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_query_api.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_query_api.asciidoc deleted file mode 100644 index 437871d31a88f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_query_api.asciidoc +++ /dev/null @@ -1,97 +0,0 @@ -[[esql-query-api]] -== {esql} query API -++++ -{esql} query API -++++ - -Returns search results for an <> query. - -[source,console] ----- -POST /_query -{ - "query": """ - FROM library - | EVAL year = DATE_TRUNC(1 YEARS, release_date) - | STATS MAX(page_count) BY year - | SORT year - | LIMIT 5 - """ -} ----- -// TEST[setup:library] - -[discrete] -[[esql-query-api-request]] -=== {api-request-title} - -`POST _query` - -[discrete] -[[esql-query-api-prereqs]] -=== {api-prereq-title} - -* If the {es} {security-features} are enabled, you must have the `read` -<> for the data stream, index, -or alias you search. - -[discrete] -[[esql-query-api-query-params]] -=== {api-query-parms-title} - -`delimiter`:: -(Optional, string) Separator for CSV results. Defaults to `,`. The API only -supports this parameter for CSV responses. - -`format`:: -(Optional, string) Format for the response. For valid values, refer to -<>. -+ -You can also specify a format using the `Accept` HTTP header. If you specify -both this parameter and the `Accept` HTTP header, this parameter takes -precedence. - -[discrete] -[role="child_attributes"] -[[esql-query-api-request-body]] -=== {api-request-body-title} - -`columnar`:: -(Optional, Boolean) If `true`, returns results in a columnar format. Defaults to -`false`. The API only supports this parameter for CBOR, JSON, SMILE, and YAML -responses. See <>. - -`params`:: -(Optional, array) Values for parameters in the `query`. For syntax, refer to -<>. - -`query`:: -(Required, object) {esql} query to run. For syntax, refer to <>. - -[[esql-search-api-time-zone]] -`time_zone`:: -(Optional, string) ISO-8601 time zone ID for the search. Several {esql} -date/time functions use this time zone. Defaults to `Z` (UTC). - -[discrete] -[role="child_attributes"] -[[esql-query-api-response-body]] -=== {api-response-body-title} - -`columns`:: -(array of objects) -Column headings for the search results. Each object is a column. -+ -.Properties of `columns` objects -[%collapsible%open] -==== -`name`:: -(string) Name of the column. - -`type`:: -(string) Data type for the column. -==== - -`rows`:: -(array of arrays) -Values for the search results. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_rest.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_rest.asciidoc deleted file mode 100644 index 55c9946ad08b4..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_rest.asciidoc +++ /dev/null @@ -1,249 +0,0 @@ -[[esql-rest]] -== {esql} REST API - -++++ -REST API -++++ - -[discrete] -[[esql-rest-overview]] -=== Overview - -The <> accepts an {esql} query string in the -`query` parameter, runs it, and returns the results. For example: - -[source,console] ----- -POST /_query?format=txt -{ - "query": "FROM library | KEEP author, name, page_count, release_date | SORT page_count DESC | LIMIT 5" -} ----- -// TEST[setup:library] - -Which returns: - -[source,text] ----- - author | name | page_count | release_date ------------------+--------------------+---------------+------------------------ -Peter F. Hamilton|Pandora's Star |768 |2004-03-02T00:00:00.000Z -Vernor Vinge |A Fire Upon the Deep|613 |1992-06-01T00:00:00.000Z -Frank Herbert |Dune |604 |1965-06-01T00:00:00.000Z -Alastair Reynolds|Revelation Space |585 |2000-03-15T00:00:00.000Z -James S.A. Corey |Leviathan Wakes |561 |2011-06-02T00:00:00.000Z ----- -// TESTRESPONSE[s/\|/\\|/ s/\+/\\+/] -// TESTRESPONSE[non_json] - -[discrete] -[[esql-kibana-console]] -=== Kibana Console - -If you are using {kibana-ref}/console-kibana.html[Kibana Console] (which is -highly recommended), take advantage of the triple quotes `"""` when creating the -query. This not only automatically escapes double quotes (`"`) inside the query -string but also supports multi-line requests: - -// tag::esql-query-api[] -[source,console] ----- -POST /_query?format=txt -{ - "query": """ - FROM library - | KEEP author, name, page_count, release_date - | SORT page_count DESC - | LIMIT 5 - """ -} ----- -// TEST[setup:library] - -[discrete] -[[esql-rest-format]] -=== Response formats - -{esql} can return the data in the following human readable and binary formats. -You can set the format by specifying the `format` parameter in the URL or by -setting the `Accept` or `Content-Type` HTTP header. - -NOTE: The URL parameter takes precedence over the HTTP headers. If neither is -specified then the response is returned in the same format as the request. - -[cols="m,4m,8"] - -|=== -s|`format` -s|HTTP header -s|Description - -3+h| Human readable - -|csv -|text/csv -|{wikipedia}/Comma-separated_values[Comma-separated values] - -|json -|application/json -|https://www.json.org/[JSON] (JavaScript Object Notation) human-readable format - -|tsv -|text/tab-separated-values -|{wikipedia}/Tab-separated_values[Tab-separated values] - -|txt -|text/plain -|CLI-like representation - -|yaml -|application/yaml -|{wikipedia}/YAML[YAML] (YAML Ain't Markup Language) human-readable format - -3+h| Binary - -|cbor -|application/cbor -|https://cbor.io/[Concise Binary Object Representation] - -|smile -|application/smile -|{wikipedia}/Smile_(data_interchange_format)[Smile] binary data format similar -to CBOR - -|=== - -The `csv` format accepts a formatting URL query attribute, `delimiter`, which -indicates which character should be used to separate the CSV values. It defaults -to comma (`,`) and cannot take any of the following values: double quote (`"`), -carriage-return (`\r`) and new-line (`\n`). The tab (`\t`) can also not be used. -Use the `tsv` format instead. - -[discrete] -[[esql-rest-filtering]] -=== Filtering using {es} Query DSL - -Specify a Query DSL query in the `filter` parameter to filter the set of -documents that an {esql} query runs on. - -[source,console] ----- -POST /_query?format=txt -{ - "query": """ - FROM library - | KEEP author, name, page_count, release_date - | SORT page_count DESC - | LIMIT 5 - """, - "filter": { - "range": { - "page_count": { - "gte": 100, - "lte": 200 - } - } - } -} ----- -// TEST[setup:library] - -Which returns: - -[source,text] --------------------------------------------------- - author | name | page_count | release_date ----------------+------------------------------------+---------------+------------------------ -Douglas Adams |The Hitchhiker's Guide to the Galaxy|180 |1979-10-12T00:00:00.000Z --------------------------------------------------- -// TESTRESPONSE[s/\|/\\|/ s/\+/\\+/] -// TESTRESPONSE[non_json] - -[discrete] -[[esql-rest-columnar]] -=== Columnar results - -By default, {esql} returns results as rows. For example, `FROM` returns each -individual document as one row. For the `json`, `yaml`, `cbor` and `smile` -<>, {esql} can return the results in a columnar -fashion where one row represents all the values of a certain column in the -results. - -[source,console] ----- -POST /_query?format=json -{ - "query": """ - FROM library - | KEEP author, name, page_count, release_date - | SORT page_count DESC - | LIMIT 5 - """, - "columnar": true -} ----- -// TEST[setup:library] - -Which returns: - -[source,console-result] ----- -{ - "columns": [ - {"name": "author", "type": "text"}, - {"name": "name", "type": "text"}, - {"name": "page_count", "type": "integer"}, - {"name": "release_date", "type": "date"} - ], - "values": [ - ["Peter F. Hamilton", "Vernor Vinge", "Frank Herbert", "Alastair Reynolds", "James S.A. Corey"], - ["Pandora's Star", "A Fire Upon the Deep", "Dune", "Revelation Space", "Leviathan Wakes"], - [768, 613, 604, 585, 561], - ["2004-03-02T00:00:00.000Z", "1992-06-01T00:00:00.000Z", "1965-06-01T00:00:00.000Z", "2000-03-15T00:00:00.000Z", "2011-06-02T00:00:00.000Z"] - ] -} ----- - -[discrete] -[[esql-rest-params]] -=== Passing parameters to a query - -Values, for example for a condition, can be passed to a query "inline", by -integrating the value in the query string itself: - -[source,console] ----- -POST /_query -{ - "query": """ - FROM library - | EVAL year = DATE_EXTRACT("year", release_date) - | WHERE page_count > 300 AND author == "Frank Herbert" - | STATS count = COUNT(*) by year - | WHERE count > 0 - | LIMIT 5 - """ -} ----- -// TEST[setup:library] - -To avoid any attempts of hacking or code injection, extract the values in a -separate list of parameters. Use question mark placeholders (`?`) in the query -string for each of the parameters: - -[source,console] ----- -POST /_query -{ - "query": """ - FROM library - | EVAL year = DATE_EXTRACT("year", release_date) - | WHERE page_count > ? AND author == ? - | STATS count = COUNT(*) by year - | WHERE count > ? - | LIMIT 5 - """, - "params": [300, "Frank Herbert", 0] -} ----- -// TEST[setup:library] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_syntax.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_syntax.asciidoc deleted file mode 100644 index 725b1d3ff1e03..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/esql_syntax.asciidoc +++ /dev/null @@ -1,90 +0,0 @@ -[[esql-syntax]] -=== {esql} syntax reference - -++++ -Syntax reference -++++ - -[discrete] -[[esql-basic-syntax]] -=== Basic syntax - -An {esql} query is composed of a <> followed -by an optional series of <>, -separated by a pipe character: `|`. For example: - -[source,esql] ----- -source-command -| processing-command1 -| processing-command2 ----- - -The result of a query is the table produced by the final processing command. - -For an overview of all supported commands, functions, and operators, refer to <> and <>. - -[NOTE] -==== -For readability, this documentation puts each processing command on a new -line. However, you can write an {esql} query as a single line. The following -query is identical to the previous one: - -[source,esql] ----- -source-command | processing-command1 | processing-command2 ----- -==== - -[discrete] -[[esql-comments]] -==== Comments -{esql} uses C++ style comments: - -* double slash `//` for single line comments -* `/*` and `*/` for block comments - -[source,esql] ----- -// Query the employees index -FROM employees -| WHERE height > 2 ----- - -[source,esql] ----- -FROM /* Query the employees index */ employees -| WHERE height > 2 ----- - -[source,esql] ----- -FROM employees -/* Query the - * employees - * index */ -| WHERE height > 2 ----- - -[discrete] -[[esql-timespan-literals]] -==== Timespan literals - -Datetime intervals and timespans can be expressed using timespan literals. -Timespan literals are a combination of a number and a qualifier. These -qualifiers are supported: - -* `millisecond`/`milliseconds` -* `second`/`seconds` -* `minute`/`minutes` -* `hour`/`hours` -* `day`/`days` -* `week`/`weeks` -* `month`/`months` -* `year`/`years` - -Timespan literals are not whitespace sensitive. These expressions are all valid: - -* `1day` -* `1 day` -* `1 day` diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/abs.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/abs.asciidoc deleted file mode 100644 index 3adb7dff07043..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/abs.asciidoc +++ /dev/null @@ -1,18 +0,0 @@ -[discrete] -[[esql-abs]] -=== `ABS` -[.text-center] -image::esql/functions/signature/abs.svg[Embedded,opts=inline] - -Returns the absolute value. - -[source,esql] ----- -FROM employees -| KEEP first_name, last_name, height -| EVAL abs_height = ABS(0.0 - height) ----- - -Supported types: - -include::types/abs.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/acos.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/acos.asciidoc deleted file mode 100644 index e4d04bd169c78..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/acos.asciidoc +++ /dev/null @@ -1,33 +0,0 @@ -[discrete] -[[esql-acos]] -=== `ACOS` - -*Syntax* - -[.text-center] -image::esql/functions/signature/acos.svg[Embedded,opts=inline] - -*Parameters* - -`n`:: -Numeric expression. If `null`, the function returns `null`. - -*Description* - -Returns the {wikipedia}/Inverse_trigonometric_functions[arccosine] of `n` as an -angle, expressed in radians. - -*Supported types* - -include::types/acos.asciidoc[] - -*Example* - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=acos] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=acos-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/aggregation_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/aggregation_functions.asciidoc deleted file mode 100644 index bd501ea49f158..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/aggregation_functions.asciidoc +++ /dev/null @@ -1,30 +0,0 @@ -[[esql-agg-functions]] -==== {esql} aggregate functions - -++++ -Aggregate functions -++++ - -The <> function supports these aggregate functions: - -// tag::agg_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::agg_list[] - -include::avg.asciidoc[] -include::count.asciidoc[] -include::count-distinct.asciidoc[] -include::max.asciidoc[] -include::median.asciidoc[] -include::median-absolute-deviation.asciidoc[] -include::min.asciidoc[] -include::percentile.asciidoc[] -include::sum.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/asin.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/asin.asciidoc deleted file mode 100644 index f03b5276b7dd6..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/asin.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-asin]] -=== `ASIN` -[.text-center] -image::esql/functions/signature/asin.svg[Embedded,opts=inline] - -Inverse https://en.wikipedia.org/wiki/Inverse_trigonometric_functions[sine] trigonometric function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=asin] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=asin-result] -|=== - -Supported types: - -include::types/asin.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan.asciidoc deleted file mode 100644 index 3813e096aeba1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-atan]] -=== `ATAN` -[.text-center] -image::esql/functions/signature/atan.svg[Embedded,opts=inline] - -Inverse https://en.wikipedia.org/wiki/Inverse_trigonometric_functions[tangent] trigonometric function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=atan] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=atan-result] -|=== - -Supported types: - -include::types/atan.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan2.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan2.asciidoc deleted file mode 100644 index e78a219333344..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/atan2.asciidoc +++ /dev/null @@ -1,21 +0,0 @@ -[discrete] -[[esql-atan2]] -=== `ATAN2` -[.text-center] -image::esql/functions/signature/atan2.svg[Embedded,opts=inline] - -The https://en.wikipedia.org/wiki/Atan2[angle] between the positive x-axis and the -ray from the origin to the point (x , y) in the Cartesian plane. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=atan2] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=atan2-result] -|=== - -Supported types: - -include::types/atan2.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/auto_bucket.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/auto_bucket.asciidoc deleted file mode 100644 index 47e453f382229..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/auto_bucket.asciidoc +++ /dev/null @@ -1,72 +0,0 @@ -[discrete] -[[esql-auto_bucket]] -=== `AUTO_BUCKET` -Creates human-friendly buckets and returns a `datetime` value for each row that -corresponds to the resulting bucket the row falls into. Combine `AUTO_BUCKET` -with <> to create a date histogram. - -You provide a target number of buckets, a start date, and an end date, and it -picks an appropriate bucket size to generate the target number of buckets or -fewer. For example, this asks for at most 20 buckets over a whole year, which -picks monthly buckets: - -[source.merge.styled,esql] ----- -include::{esql-specs}/date.csv-spec[tag=auto_bucket_month] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/date.csv-spec[tag=auto_bucket_month-result] -|=== - -The goal isn't to provide *exactly* the target number of buckets, it's to pick a -range that people are comfortable with that provides at most the target number of -buckets. - -If you ask for more buckets then `AUTO_BUCKET` can pick a smaller range. For example, -asking for at most 100 buckets in a year will get you week long buckets: - -[source.merge.styled,esql] ----- -include::{esql-specs}/date.csv-spec[tag=auto_bucket_week] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/date.csv-spec[tag=auto_bucket_week-result] -|=== - -`AUTO_BUCKET` does not filter any rows. It only uses the provided time range to -pick a good bucket size. For rows with a date outside of the range, it returns a -`datetime` that corresponds to a bucket outside the range. Combine `AUTO_BUCKET` -with <> to filter rows. - -A more complete example might look like: - -[source.merge.styled,esql] ----- -include::{esql-specs}/date.csv-spec[tag=auto_bucket_in_agg] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/date.csv-spec[tag=auto_bucket_in_agg-result] -|=== - -NOTE: `AUTO_BUCKET` does not create buckets that don't match any documents. That's -why the example above is missing `1985-03-01` and other dates. - -==== Numeric fields - -`auto_bucket` can also operate on numeric fields like this: -[source.merge.styled,esql] ----- -include::{esql-specs}/ints.csv-spec[tag=auto_bucket] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/ints.csv-spec[tag=auto_bucket-result] -|=== - -Unlike the example above where you are intentionally filtering on a date range, -you rarely want to filter on a numeric range. So you have find the `min` and `max` -separately. We don't yet have an easy way to do that automatically. Improvements -coming! diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/avg.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/avg.asciidoc deleted file mode 100644 index 972d30545ceb4..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/avg.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[discrete] -[[esql-agg-avg]] -=== `AVG` -The average of a numeric field. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats.csv-spec[tag=avg] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats.csv-spec[tag=avg-result] -|=== - -The result is always a `double` not matter the input type. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/binary.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/binary.asciidoc deleted file mode 100644 index ba93f57af7ad6..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/binary.asciidoc +++ /dev/null @@ -1,12 +0,0 @@ -[discrete] -[[esql-binary-operators]] -=== Binary operators - -These binary comparison operators are supported: - -* equality: `==` -* inequality: `!=` -* less than: `<` -* less than or equal: `<=` -* larger than: `>` -* larger than or equal: `>=` \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/case.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/case.asciidoc deleted file mode 100644 index b243adf875cb4..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/case.asciidoc +++ /dev/null @@ -1,42 +0,0 @@ -[discrete] -[[esql-case]] -=== `CASE` - -*Syntax* - -[source,txt] ----- -CASE(condition1, value1[, ..., conditionN, valueN][, default_value]) ----- - -*Parameters* - -`conditionX`:: -A condition. - -`valueX`:: -The value that's returned when the corresponding condition is the first to -evaluate to `true`. - -`default_value`:: -The default value that's is returned when no condition matches. - -*Description* - -Accepts pairs of conditions and values. The function returns the value that -belongs to the first condition that evaluates to `true`. - -If the number of arguments is odd, the last argument is the default value which -is returned when no condition matches. - -*Example* - -[source,esql] -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=case] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=case-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ceil.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ceil.asciidoc deleted file mode 100644 index f977e544e6c3f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ceil.asciidoc +++ /dev/null @@ -1,24 +0,0 @@ -[discrete] -[[esql-ceil]] -=== `CEIL` -[.text-center] -image::esql/functions/signature/ceil.svg[Embedded,opts=inline] - -Round a number up to the nearest integer. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=ceil] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=ceil-result] -|=== - -NOTE: This is a noop for `long` (including unsigned) and `integer`. - For `double` this picks the the closest `double` value to the integer ala - {javadoc}/java.base/java/lang/Math.html#ceil(double)[Math.ceil]. - -Supported types: - -include::types/ceil.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cidr_match.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cidr_match.asciidoc deleted file mode 100644 index 5072a6eef7fd5..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cidr_match.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-cidr_match]] -=== `CIDR_MATCH` - -Returns `true` if the provided IP is contained in one of the provided CIDR -blocks. - -`CIDR_MATCH` accepts two or more arguments. The first argument is the IP -address of type `ip` (both IPv4 and IPv6 are supported). Subsequent arguments -are the CIDR blocks to test the IP against. - -[source,esql] ----- -FROM hosts -| WHERE CIDR_MATCH(ip, "127.0.0.2/32", "127.0.0.3/32") ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/coalesce.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/coalesce.asciidoc deleted file mode 100644 index 550780eaa070d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/coalesce.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -[discrete] -[[esql-coalesce]] -=== `COALESCE` - -Returns the first non-null value. - -[source.merge.styled,esql] ----- -include::{esql-specs}/null.csv-spec[tag=coalesce] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/null.csv-spec[tag=coalesce-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/concat.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/concat.asciidoc deleted file mode 100644 index 4864f5623a170..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/concat.asciidoc +++ /dev/null @@ -1,11 +0,0 @@ -[discrete] -[[esql-concat]] -=== `CONCAT` -Concatenates two or more strings. - -[source,esql] ----- -FROM employees -| KEEP first_name, last_name, height -| EVAL fullname = CONCAT(first_name, " ", last_name) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/conditional_functions_and_expressions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/conditional_functions_and_expressions.asciidoc deleted file mode 100644 index d835a14856c03..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/conditional_functions_and_expressions.asciidoc +++ /dev/null @@ -1,21 +0,0 @@ -[[esql-conditional-functions-and-expressions]] -==== {esql} conditional functions and expressions - -++++ -Conditional functions and expressions -++++ - -Conditional functions return one of their arguments by evaluating in an if-else -manner. {esql} supports these conditional functions: - -// tag::cond_list[] -* <> -* <> -* <> -* <> -// end::cond_list[] - -include::case.asciidoc[] -include::coalesce.asciidoc[] -include::greatest.asciidoc[] -include::least.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cos.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cos.asciidoc deleted file mode 100644 index 5dcbb7bea37f4..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cos.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-cos]] -=== `COS` -[.text-center] -image::esql/functions/signature/cos.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Sine_and_cosine[Cosine] trigonometric function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=cos] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=cos-result] -|=== - -Supported types: - -include::types/cos.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cosh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cosh.asciidoc deleted file mode 100644 index 7bf0840958655..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/cosh.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-cosh]] -=== `COSH` -[.text-center] -image::esql/functions/signature/cosh.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Hyperbolic_functions[Cosine] hyperbolic function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=cosh] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=cosh-result] -|=== - -Supported types: - -include::types/cosh.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count.asciidoc deleted file mode 100644 index a148df07edb4d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count.asciidoc +++ /dev/null @@ -1,27 +0,0 @@ -[discrete] -[[esql-agg-count]] -=== `COUNT` -Counts field values. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats.csv-spec[tag=count] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats.csv-spec[tag=count-result] -|=== - -Can take any field type as input and the result is always a `long` not matter -the input type. - -To count the number of rows, use `COUNT(*)`: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=countAll] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=countAll-result] -|=== \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count_distinct.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count_distinct.asciidoc deleted file mode 100644 index b5b1659140f63..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/count_distinct.asciidoc +++ /dev/null @@ -1,46 +0,0 @@ -[discrete] -[[esql-agg-count-distinct]] -=== `COUNT_DISTINCT` -The approximate number of distinct values. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats_count_distinct.csv-spec[tag=count-distinct] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats_count_distinct.csv-spec[tag=count-distinct-result] -|=== - -Can take any field type as input and the result is always a `long` not matter -the input type. - -[discrete] -==== Counts are approximate - -Computing exact counts requires loading values into a set and returning its -size. This doesn't scale when working on high-cardinality sets and/or large -values as the required memory usage and the need to communicate those -per-shard sets between nodes would utilize too many resources of the cluster. - -This `COUNT_DISTINCT` function is based on the -https://static.googleusercontent.com/media/research.google.com/fr//pubs/archive/40671.pdf[HyperLogLog++] -algorithm, which counts based on the hashes of the values with some interesting -properties: - -include::../../aggregations/metrics/cardinality-aggregation.asciidoc[tag=explanation] - -[discrete] -==== Precision is configurable - -The `COUNT_DISTINCT` function takes an optional second parameter to configure the -precision discussed previously. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats_count_distinct.csv-spec[tag=count-distinct-precision] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats_count_distinct.csv-spec[tag=count-distinct-precision-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_extract.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_extract.asciidoc deleted file mode 100644 index 89ef1cf261094..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_extract.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[discrete] -[[esql-date_extract]] -=== `DATE_EXTRACT` -Extracts parts of a date, like year, month, day, hour. -The supported field types are those provided by https://docs.oracle.com/javase/8/docs/api/java/time/temporal/ChronoField.html[java.time.temporal.ChronoField]. - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=dateExtract] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=dateExtract-result] -|=== - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_format.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_format.asciidoc deleted file mode 100644 index 5a87f31412cc8..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_format.asciidoc +++ /dev/null @@ -1,12 +0,0 @@ -[discrete] -[[esql-date_format]] -=== `DATE_FORMAT` -Returns a string representation of a date in the provided format. If no format -is specified, the `yyyy-MM-dd'T'HH:mm:ss.SSSZ` format is used. - -[source,esql] ----- -FROM employees -| KEEP first_name, last_name, hire_date -| EVAL hired = DATE_FORMAT("YYYY-MM-dd", hire_date) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_parse.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_parse.asciidoc deleted file mode 100644 index c74656ff1dbd7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_parse.asciidoc +++ /dev/null @@ -1,37 +0,0 @@ -[discrete] -[[esql-date_parse]] -=== `DATE_PARSE` - -*Syntax* - -[source,txt] ----- -DATE_PARSE([format,] date_string) ----- - -*Parameters* - -`format`:: -The date format. Refer to the -https://docs.oracle.com/en/java/javase/14/docs/api/java.base/java/time/format/DateTimeFormatter.html[`DateTimeFormatter` -documentation] for the syntax. If `null`, the function returns `null`. - -`date_string`:: -Date expression as a string. If `null` or an empty string, the function returns -`null`. - -*Description* - -Returns a date by parsing the second argument using the format specified in the -first argument. - -*Example* - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=dateParse] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=dateParse-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_time_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_time_functions.asciidoc deleted file mode 100644 index 8ff7b1e974eeb..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_time_functions.asciidoc +++ /dev/null @@ -1,24 +0,0 @@ -[[esql-date-time-functions]] -==== {esql} date-time functions - -++++ -Date-time functions -++++ - -{esql} supports these date-time functions: - -// tag::date_list[] -* <> -* <> -* <> -* <> -* <> -* <> -// end::date_list[] - -include::auto_bucket.asciidoc[] -include::date_extract.asciidoc[] -include::date_format.asciidoc[] -include::date_parse.asciidoc[] -include::date_trunc.asciidoc[] -include::now.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_trunc.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_trunc.asciidoc deleted file mode 100644 index cacfefe73d0fd..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/date_trunc.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-date_trunc]] -=== `DATE_TRUNC` -Rounds down a date to the closest interval. Intervals can be expressed using the -<>. - -[source,esql] ----- -FROM employees -| EVAL year_hired = DATE_TRUNC(1 year, hire_date) -| STATS count(emp_no) BY year_hired -| SORT year_hired ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/e.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/e.asciidoc deleted file mode 100644 index 56bf97fd01740..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/e.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-e]] -=== `E` -[.text-center] -image::esql/functions/signature/e.svg[Embedded,opts=inline] - -{wikipedia}/E_(mathematical_constant)[Euler's number]. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=e] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=e-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ends_with.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ends_with.asciidoc deleted file mode 100644 index fd2d99931163a..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ends_with.asciidoc +++ /dev/null @@ -1,21 +0,0 @@ -[discrete] -[[esql-ends_with]] -=== `ENDS_WITH` -[.text-center] -image::esql/functions/signature/ends_with.svg[Embedded,opts=inline] - -Returns a boolean that indicates whether a keyword string ends with another -string: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=endsWith] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=endsWith-result] -|=== - -Supported types: - -include::types/ends_with.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/floor.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/floor.asciidoc deleted file mode 100644 index 109033bb18827..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/floor.asciidoc +++ /dev/null @@ -1,24 +0,0 @@ -[discrete] -[[esql-floor]] -=== `FLOOR` -[.text-center] -image::esql/functions/signature/floor.svg[Embedded,opts=inline] - -Round a number down to the nearest integer. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=floor] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=floor-result] -|=== - -NOTE: This is a noop for `long` (including unsigned) and `integer`. - For `double` this picks the the closest `double` value to the integer ala - {javadoc}/java.base/java/lang/Math.html#floor(double)[Math.floor]. - -Supported types: - -include::types/floor.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/greatest.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/greatest.asciidoc deleted file mode 100644 index 24dd08de2819c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/greatest.asciidoc +++ /dev/null @@ -1,25 +0,0 @@ -[discrete] -[[esql-greatest]] -=== `GREATEST` -[.text-center] -image::esql/functions/signature/greatest.svg[Embedded,opts=inline] - -Returns the maximum value from many columns. This is similar to <> -except it's intended to run on multiple columns at once. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=greatest] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=greatest-result] -|=== - -NOTE: When run on `keyword` or `text` fields, this'll return the last string - in alphabetical order. When run on `boolean` columns this will return - `true` if any values are `true`. - -Supported types: - -include::types/greatest.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/in.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/in.asciidoc deleted file mode 100644 index be5688250ecc7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/in.asciidoc +++ /dev/null @@ -1,11 +0,0 @@ -[discrete] -[[esql-in-operator]] -=== `IN` - -The `IN` operator allows testing whether a field or expression equals -an element in a list of literals, fields or expressions: - -[source,esql] ----- -include::{esql-specs}/row.csv-spec[tag=in-with-expressions] ----- \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_finite.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_finite.asciidoc deleted file mode 100644 index f7b7ad73a3952..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_finite.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[discrete] -[[esql-is_finite]] -=== `IS_FINITE` -Returns a boolean that indicates whether its input is a finite number. - -[source,esql] ----- -ROW d = 1.0 -| EVAL s = IS_FINITE(d/0) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_infinite.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_infinite.asciidoc deleted file mode 100644 index 56158a786c020..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_infinite.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[discrete] -[[esql-is_infinite]] -=== `IS_INFINITE` -Returns a boolean that indicates whether its input is infinite. - -[source,esql] ----- -ROW d = 1.0 -| EVAL s = IS_INFINITE(d/0) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_nan.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_nan.asciidoc deleted file mode 100644 index 25b50a9e96bba..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/is_nan.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[discrete] -[[esql-is_nan]] -=== `IS_NAN` -Returns a boolean that indicates whether its input is not a number. - -[source,esql] ----- -ROW d = 1.0 -| EVAL s = IS_NAN(d) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/least.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/least.asciidoc deleted file mode 100644 index 62d7406199cd4..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/least.asciidoc +++ /dev/null @@ -1,25 +0,0 @@ -[discrete] -[[esql-least]] -=== `LEAST` -[.text-center] -image::esql/functions/signature/least.svg[Embedded,opts=inline] - -Returns the minimum value from many columns. This is similar to <> -except it's intended to run on multiple columns at once. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=least] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=least-result] -|=== - -NOTE: When run on `keyword` or `text` fields, this'll return the first string - in alphabetical order. When run on `boolean` columns this will return - `false` if any values are `false`. - -Supported types: - -include::types/least.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/left.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/left.asciidoc deleted file mode 100644 index 67e739377aa46..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/left.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-left]] -=== `LEFT` -[.text-center] -image::esql/functions/signature/left.svg[Embedded,opts=inline] - -Return the substring that extracts 'length' chars from the 'string' starting from the left. - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=left] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=left-result] -|=== - -Supported types: - -include::types/left.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/length.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/length.asciidoc deleted file mode 100644 index 12e1bed3d0a66..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/length.asciidoc +++ /dev/null @@ -1,11 +0,0 @@ -[discrete] -[[esql-length]] -=== `LENGTH` -Returns the character length of a string. - -[source,esql] ----- -FROM employees -| KEEP first_name, last_name, height -| EVAL fn_length = LENGTH(first_name) ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/like.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/like.asciidoc deleted file mode 100644 index 9d06a3d051b93..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/like.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-like-operator]] -=== `LIKE` - -Use `LIKE` to filter data based on string patterns using wildcards. `LIKE` -usually acts on a field placed on the left-hand side of the operator, but it can -also act on a constant (literal) expression. The right-hand side of the operator -represents the pattern. - -The following wildcard characters are supported: - -* `*` matches zero or more characters. -* `?` matches one character. - -[source,esql] ----- -FROM employees -| WHERE first_name LIKE "?b*" -| KEEP first_name, last_name ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/log10.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/log10.asciidoc deleted file mode 100644 index 219519ca2a0d7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/log10.asciidoc +++ /dev/null @@ -1,23 +0,0 @@ -[discrete] -[[esql-log10]] -=== `LOG10` -[.text-center] -image::esql/functions/signature/log10.svg[Embedded,opts=inline] - -Returns the log base 10. The input can be any numeric value, the return value -is always a double. - -Logs of negative numbers are NaN. Logs of infinites are infinite, as is the log of 0. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=log10] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=log10-result] -|=== - -Supported types: - -include::types/log10.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/logical.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/logical.asciidoc deleted file mode 100644 index 674ad67f99cde..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/logical.asciidoc +++ /dev/null @@ -1,9 +0,0 @@ -[discrete] -[[esql-logical-operators]] -=== Logical operators - -The following logical operators are supported: - -* `AND` -* `OR` -* `NOT` diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ltrim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ltrim.asciidoc deleted file mode 100644 index 6e6d30a73b865..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/ltrim.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-ltrim]] -=== `LTRIM` -Removes leading whitespaces from strings. - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=ltrim] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=ltrim-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/math_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/math_functions.asciidoc deleted file mode 100644 index 21131ae9074d7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/math_functions.asciidoc +++ /dev/null @@ -1,52 +0,0 @@ -[[esql-math-functions]] -==== {esql} mathematical functions - -++++ -Mathematical functions -++++ - -{esql} supports these mathematical functions: - -// tag::math_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::math_list[] - -include::abs.asciidoc[] -include::acos.asciidoc[] -include::asin.asciidoc[] -include::atan.asciidoc[] -include::atan2.asciidoc[] -include::ceil.asciidoc[] -include::cos.asciidoc[] -include::cosh.asciidoc[] -include::e.asciidoc[] -include::floor.asciidoc[] -include::log10.asciidoc[] -include::pi.asciidoc[] -include::pow.asciidoc[] -include::round.asciidoc[] -include::sin.asciidoc[] -include::sinh.asciidoc[] -include::sqrt.asciidoc[] -include::tan.asciidoc[] -include::tanh.asciidoc[] -include::tau.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/max.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/max.asciidoc deleted file mode 100644 index 53997e501b37f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/max.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-agg-max]] -=== `MAX` -The maximum value of a numeric field. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats.csv-spec[tag=max] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats.csv-spec[tag=max-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median.asciidoc deleted file mode 100644 index 5a0d0c049602e..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median.asciidoc +++ /dev/null @@ -1,22 +0,0 @@ -[discrete] -[[esql-agg-median]] -=== `MEDIAN` -The value that is greater than half of all values and less than half of -all values, also known as the 50% <>. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats_percentile.csv-spec[tag=median] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats_percentile.csv-spec[tag=median-result] -|=== - -NOTE: Like <>, `MEDIAN` is <>. - -[WARNING] -==== -`MEDIAN` is also {wikipedia}/Nondeterministic_algorithm[non-deterministic]. -This means you can get slightly different results using the same data. -==== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median_absolute_deviation.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median_absolute_deviation.asciidoc deleted file mode 100644 index fe0923da1fb88..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/median_absolute_deviation.asciidoc +++ /dev/null @@ -1,29 +0,0 @@ -[discrete] -[[esql-agg-median-absolute-deviation]] -=== `MEDIAN_ABSOLUTE_DEVIATION` -The median absolute deviation, a measure of variability. It is a robust -statistic, meaning that it is useful for describing data that may have outliers, -or may not be normally distributed. For such data it can be more descriptive than -standard deviation. - -It is calculated as the median of each data point’s deviation from the median of -the entire sample. That is, for a random variable `X`, the median absolute deviation -is `median(|median(X) - Xi|)`. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats_percentile.csv-spec[tag=median-absolute-deviation] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats_percentile.csv-spec[tag=median-absolute-deviation-result] -|=== - -NOTE: Like <>, `MEDIAN_ABSOLUTE_DEVIATION` is - <>. - -[WARNING] -==== -`MEDIAN_ABSOLUTE_DEVIATION` is also {wikipedia}/Nondeterministic_algorithm[non-deterministic]. -This means you can get slightly different results using the same data. -==== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/min.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/min.asciidoc deleted file mode 100644 index a143cca69c01a..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/min.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-agg-min]] -=== `MIN` -The minimum value of a numeric field. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats.csv-spec[tag=min] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats.csv-spec[tag=min-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_avg.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_avg.asciidoc deleted file mode 100644 index ad5f672205516..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_avg.asciidoc +++ /dev/null @@ -1,17 +0,0 @@ -[discrete] -[[esql-mv_avg]] -=== `MV_AVG` -Converts a multivalued field into a single valued field containing the average -of all of the values. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_avg] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_avg-result] -|=== - - -NOTE: The output type is always a `double` and the input type can be any number. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_concat.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_concat.asciidoc deleted file mode 100644 index d4be458455131..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_concat.asciidoc +++ /dev/null @@ -1,26 +0,0 @@ -[discrete] -[[esql-mv_concat]] -=== `MV_CONCAT` -Converts a multivalued string field into a single valued field containing the -concatenation of all values separated by a delimiter: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_concat] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_concat-result] -|=== - -If you want to concat non-string fields call <> on them first: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_concat-to_string] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_concat-to_string-result] -|=== - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_count.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_count.asciidoc deleted file mode 100644 index 5bcda53ca5a9b..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_count.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-mv_count]] -=== `MV_COUNT` -Converts a multivalued field into a single valued field containing a count of the number -of values: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_count] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_count-result] -|=== - -NOTE: This function accepts all types and always returns an `integer`. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_dedupe.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_dedupe.asciidoc deleted file mode 100644 index c6af3f2d1aa3f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_dedupe.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[discrete] -[[esql-mv_dedupe]] -=== `MV_DEDUPE` -Removes duplicates from a multivalued field. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_dedupe] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_dedupe-result] -|=== - -NOTE: `MV_DEDUPE` may, but won't always, sort the values in the field. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_functions.asciidoc deleted file mode 100644 index 83dbaaadc5c06..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_functions.asciidoc +++ /dev/null @@ -1,28 +0,0 @@ -[[esql-mv-functions]] -==== {esql} multivalue functions - -++++ -Multivalue functions -++++ - -{esql} supports these multivalue functions: - -// tag::mv_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::mv_list[] - -include::mv_avg.asciidoc[] -include::mv_concat.asciidoc[] -include::mv_count.asciidoc[] -include::mv_dedupe.asciidoc[] -include::mv_max.asciidoc[] -include::mv_median.asciidoc[] -include::mv_min.asciidoc[] -include::mv_sum.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_max.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_max.asciidoc deleted file mode 100644 index e8ef951f168f5..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_max.asciidoc +++ /dev/null @@ -1,25 +0,0 @@ -[discrete] -[[esql-mv_max]] -=== `MV_MAX` -Converts a multivalued field into a single valued field containing the maximum value. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_max] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_max-result] -|=== - -It can be used by any field type, including `keyword` fields. In that case picks the -last string, comparing their utf-8 representation byte by byte: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_max] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_max-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_median.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_median.asciidoc deleted file mode 100644 index c84cf7a895da5..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_median.asciidoc +++ /dev/null @@ -1,27 +0,0 @@ -[discrete] -[[esql-mv_median]] -=== `MV_MEDIAN` -Converts a multivalued field into a single valued field containing the median value. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_median] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_median-result] -|=== - -It can be used by any numeric field type and returns a value of the same type. If the -row has an even number of values for a column the result will be the average of the -middle two entries. If the field is not floating point then the average rounds *down*: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_median_round_down] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_median_round_down-result] -|=== - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_min.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_min.asciidoc deleted file mode 100644 index 235e5c3c2bb5e..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_min.asciidoc +++ /dev/null @@ -1,25 +0,0 @@ -[discrete] -[[esql-mv_min]] -=== `MV_MIN` -Converts a multivalued field into a single valued field containing the minimum value. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_min] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_min-result] -|=== - -It can be used by any field type, including `keyword` fields. In that case picks the -first string, comparing their utf-8 representation byte by byte: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=mv_min] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=mv_min-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_sum.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_sum.asciidoc deleted file mode 100644 index 646af03305954..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/mv_sum.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-mv_sum]] -=== `MV_SUM` -Converts a multivalued field into a single valued field containing the sum -of all of the values. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=mv_sum] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=mv_sum-result] -|=== - -NOTE: The input type can be any number and the output type is the same as the input type. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/now.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/now.asciidoc deleted file mode 100644 index 5d33449a1e906..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/now.asciidoc +++ /dev/null @@ -1,9 +0,0 @@ -[discrete] -[[esql-now]] -=== `NOW` -Returns current date and time. - -[source,esql] ----- -ROW current_date = NOW() ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/operators.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/operators.asciidoc deleted file mode 100644 index c236413b5dd7e..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/operators.asciidoc +++ /dev/null @@ -1,36 +0,0 @@ -[[esql-operators]] -==== {esql} operators - -++++ -Operators -++++ - -Boolean operators for comparing against one or multiple expressions. - -// tag::op_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::op_list[] - -include::binary.asciidoc[] -include::logical.asciidoc[] -include::predicates.asciidoc[] -include::cidr_match.asciidoc[] -include::ends_with.asciidoc[] -include::in.asciidoc[] -include::is_finite.asciidoc[] -include::is_infinite.asciidoc[] -include::is_nan.asciidoc[] -include::like.asciidoc[] -include::rlike.asciidoc[] -include::starts_with.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/percentile.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/percentile.asciidoc deleted file mode 100644 index 917a4a81e7b4f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/percentile.asciidoc +++ /dev/null @@ -1,30 +0,0 @@ -[discrete] -[[esql-agg-percentile]] -=== `PERCENTILE` -The value at which a certain percentage of observed values occur. For example, -the 95th percentile is the value which is greater than 95% of the observed values and -the 50th percentile is the <>. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats_percentile.csv-spec[tag=percentile] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats_percentile.csv-spec[tag=percentile-result] -|=== - -[discrete] -[[esql-agg-percentile-approximate]] -==== `PERCENTILE` is (usually) approximate - -include::../../aggregations/metrics/percentile-aggregation.asciidoc[tag=approximate] - -[WARNING] -==== -`PERCENTILE` is also {wikipedia}/Nondeterministic_algorithm[non-deterministic]. -This means you can get slightly different results using the same data. -==== - - - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pi.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pi.asciidoc deleted file mode 100644 index cd630aaabadcd..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pi.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-pi]] -=== `PI` -[.text-center] -image::esql/functions/signature/pi.svg[Embedded,opts=inline] - -The {wikipedia}/Pi[ratio] of a circle's circumference to its diameter. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=pi] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=pi-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pow.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pow.asciidoc deleted file mode 100644 index 9f7805bfd3eae..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/pow.asciidoc +++ /dev/null @@ -1,96 +0,0 @@ -[discrete] -[[esql-pow]] -=== `POW` -[.text-center] -image::esql/functions/signature/pow.svg[Embedded,opts=inline] - -Returns the value of a base (first argument) raised to the power of an exponent (second argument). -Both arguments must be numeric. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=powDI] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=powDI-result] -|=== - -[discrete] -==== Type rules - -The type of the returned value is determined by the types of the base and exponent. -The following rules are applied to determine the result type: - -* If either of the base or exponent are of a floating point type, the result will be a double -* Otherwise, if either the base or the exponent are 64-bit (long or unsigned long), the result will be a long -* Otherwise, the result will be a 32-bit integer (this covers all other numeric types, including int, short and byte) - -For example, using simple integers as arguments will lead to an integer result: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=powII] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=powII-result] -|=== - -NOTE: The actual power function is performed using double precision values for all cases. -This means that for very large non-floating point values there is a small chance that the -operation can lead to slightly different answers than expected. -However, a more likely outcome of very large non-floating point values is numerical overflow. - -[discrete] -==== Arithmetic errors - -Arithmetic errors and numeric overflow do not result in an error. Instead, the result will be `null` -and a warning for the `ArithmeticException` added. -For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=powULOverrun] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=powULOverrun-warning] -|=== -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=powULOverrun-result] -|=== - -If it is desired to protect against numerical overruns, use `TO_DOUBLE` on either of the arguments: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=pow2d] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=pow2d-result] -|=== - -[discrete] -==== Fractional exponents - -The exponent can be a fraction, which is similar to performing a root. -For example, the exponent of `0.5` will give the square root of the base: - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=powID-sqrt] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=powID-sqrt-result] -|=== - -[discrete] -==== Table of supported input and output types - -For clarity, the following table describes the output result type for all combinations of numeric input types: - -include::types/pow.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/predicates.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/predicates.asciidoc deleted file mode 100644 index 9a3ea89e9aa73..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/predicates.asciidoc +++ /dev/null @@ -1,23 +0,0 @@ -[discrete] -[[esql-predicates]] -=== `IS NULL` and `IS NOT NULL` predicates - -For NULL comparison, use the `IS NULL` and `IS NOT NULL` predicates: - -[source.merge.styled,esql] ----- -include::{esql-specs}/null.csv-spec[tag=is-null] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/null.csv-spec[tag=is-null-result] -|=== - -[source.merge.styled,esql] ----- -include::{esql-specs}/null.csv-spec[tag=is-not-null] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/null.csv-spec[tag=is-not-null-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/replace.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/replace.asciidoc deleted file mode 100644 index 9bc0f85fdddce..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/replace.asciidoc +++ /dev/null @@ -1,17 +0,0 @@ -[discrete] -[[esql-replace]] -=== `REPLACE` -The function substitutes in the string (1st argument) any match of the regular expression (2nd argument) with the replacement string (3rd argument). - -If any of the arguments are `NULL`, the result is `NULL`. - -. This example replaces an occurrence of the word "World" with the word "Universe": - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=replaceString] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=replaceString-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/right.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/right.asciidoc deleted file mode 100644 index a0f18192d410d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/right.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-right]] -=== `RIGHT` -[.text-center] -image::esql/functions/signature/right.svg[Embedded,opts=inline] - -Return the substring that extracts 'length' chars from the 'string' starting from the right. - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=right] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=right-result] -|=== - -Supported types: - -include::types/right.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rlike.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rlike.asciidoc deleted file mode 100644 index 0fd8d8ab319da..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rlike.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[discete] -[[esql-rlike-operator]] -==== `RLIKE` - -Use `RLIKE` to filter data based on string patterns using using -<>. `RLIKE` usually acts on a field placed on -the left-hand side of the operator, but it can also act on a constant (literal) -expression. The right-hand side of the operator represents the pattern. - -[source,esql] ----- -FROM employees -| WHERE first_name RLIKE ".leja.*" -| KEEP first_name, last_name ----- \ No newline at end of file diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/round.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/round.asciidoc deleted file mode 100644 index 4ec71cf682d0f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/round.asciidoc +++ /dev/null @@ -1,15 +0,0 @@ -[discrete] -[[esql-round]] -=== `ROUND` -Rounds a number to the closest number with the specified number of digits. -Defaults to 0 digits if no number of digits is provided. If the specified number -of digits is negative, rounds to the number of digits left of the decimal point. - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=round] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=round-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rtrim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rtrim.asciidoc deleted file mode 100644 index 3224331e9ed6a..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/rtrim.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-rtrim]] -=== `RTRIM` -Removes trailing whitespaces from strings. - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=rtrim] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=rtrim-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sin.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sin.asciidoc deleted file mode 100644 index 5fa33a315392d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sin.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-sin]] -=== `SIN` -[.text-center] -image::esql/functions/signature/sin.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Sine_and_cosine[Sine] trigonometric function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=sin] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=sin-result] -|=== - -Supported types: - -include::types/sin.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sinh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sinh.asciidoc deleted file mode 100644 index 11d1ea29bffef..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sinh.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-sinh]] -=== `SINH` -[.text-center] -image::esql/functions/signature/sinh.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Hyperbolic_functions[Sine] hyperbolic function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=sinh] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=sinh-result] -|=== - -Supported types: - -include::types/sinh.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/split.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/split.asciidoc deleted file mode 100644 index a6f8869bf89ca..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/split.asciidoc +++ /dev/null @@ -1,18 +0,0 @@ -[discrete] -[[esql-split]] -=== `SPLIT` -Split a single valued string into multiple strings. For example: - -[source,esql] ----- -include::{esql-specs}/string.csv-spec[tag=split] ----- - -Which splits `"foo;bar;baz;qux;quux;corge"` on `;` and returns an array: - -[%header,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=split-result] -|=== - -WARNING: Only single byte delimiters are currently supported. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sqrt.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sqrt.asciidoc deleted file mode 100644 index 02f7060089971..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sqrt.asciidoc +++ /dev/null @@ -1,23 +0,0 @@ -[discrete] -[[esql-sqrt]] -=== `SQRT` -[.text-center] -image::esql/functions/signature/sqrt.svg[Embedded,opts=inline] - -Returns the square root of a number. The input can be any numeric value, the return value -is always a double. - -Square roots of negative numbers are NaN. Square roots of infinites are infinite. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=sqrt] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=sqrt-result] -|=== - -Supported types: - -include::types/sqrt.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/starts_with.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/starts_with.asciidoc deleted file mode 100644 index 38cee79ea63f8..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/starts_with.asciidoc +++ /dev/null @@ -1,21 +0,0 @@ -[discrete] -[[esql-starts_with]] -=== `STARTS_WITH` -[.text-center] -image::esql/functions/signature/ends_with.svg[Embedded,opts=inline] - -Returns a boolean that indicates whether a keyword string starts with another -string: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=startsWith] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=startsWith-result] -|=== - -Supported types: - -include::types/starts_with.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/string_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/string_functions.asciidoc deleted file mode 100644 index b209244b93297..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/string_functions.asciidoc +++ /dev/null @@ -1,32 +0,0 @@ -[[esql-string-functions]] -==== {esql} string functions - -++++ -String functions -++++ - -{esql} supports these string functions: - -// tag::string_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::string_list[] - -include::concat.asciidoc[] -include::left.asciidoc[] -include::length.asciidoc[] -include::ltrim.asciidoc[] -include::replace.asciidoc[] -include::right.asciidoc[] -include::rtrim.asciidoc[] -include::split.asciidoc[] -include::substring.asciidoc[] -include::trim.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/substring.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/substring.asciidoc deleted file mode 100644 index 8b8234de05bba..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/substring.asciidoc +++ /dev/null @@ -1,38 +0,0 @@ -[discrete] -[[esql-substring]] -=== `SUBSTRING` -Returns a substring of a string, specified by a start position and an optional -length. This example returns the first three characters of every last name: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=substring] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=substring-result] -|=== - -A negative start position is interpreted as being relative to the end of the -string. This example returns the last three characters of of every last name: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=substringEnd] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=substringEnd-result] -|=== - -If length is omitted, substring returns the remainder of the string. This -example returns all characters except for the first: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=substringRemainder] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=substringRemainder-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sum.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sum.asciidoc deleted file mode 100644 index abf790040114d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/sum.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-agg-sum]] -=== `SUM` -The sum of a numeric field. - -[source.merge.styled,esql] ----- -include::{esql-specs}/stats.csv-spec[tag=sum] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/stats.csv-spec[tag=sum-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tan.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tan.asciidoc deleted file mode 100644 index 1c66562eada7a..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tan.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-tan]] -=== `TAN` -[.text-center] -image::esql/functions/signature/tan.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Sine_and_cosine[Tangent] trigonometric function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=tan] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=tan-result] -|=== - -Supported types: - -include::types/tan.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tanh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tanh.asciidoc deleted file mode 100644 index 218a0155d861c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tanh.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-tanh]] -=== `TANH` -[.text-center] -image::esql/functions/signature/tanh.svg[Embedded,opts=inline] - -https://en.wikipedia.org/wiki/Hyperbolic_functions[Tangent] hyperbolic function. - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=tanh] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=tanh-result] -|=== - -Supported types: - -include::types/tanh.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tau.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tau.asciidoc deleted file mode 100644 index 61f352b0db8de..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/tau.asciidoc +++ /dev/null @@ -1,16 +0,0 @@ -[discrete] -[[esql-tau]] -=== `TAU` -[.text-center] -image::esql/functions/signature/tau.svg[Embedded,opts=inline] - -The https://tauday.com/tau-manifesto[ratio] of a circle's circumference to its radius. - -[source.merge.styled,esql] ----- -include::{esql-specs}/math.csv-spec[tag=tau] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/math.csv-spec[tag=tau-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_boolean.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_boolean.asciidoc deleted file mode 100644 index 03f21a503218c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_boolean.asciidoc +++ /dev/null @@ -1,25 +0,0 @@ -[discrete] -[[esql-to_boolean]] -=== `TO_BOOLEAN` -Converts an input value to a boolean value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a string or numeric type. - -A string value of *"true"* will be case-insensitive converted to the Boolean -*true*. For anything else, including the empty string, the function will -return *false*. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/boolean.csv-spec[tag=to_boolean] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/boolean.csv-spec[tag=to_boolean-result] -|=== - -The numerical value of *0* will be converted to *false*, anything else will be -converted to *true*. - -Alias: TO_BOOL diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_datetime.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_datetime.asciidoc deleted file mode 100644 index 750c8025cb6c2..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_datetime.asciidoc +++ /dev/null @@ -1,47 +0,0 @@ -[discrete] -[[esql-to_datetime]] -=== `TO_DATETIME` -Converts an input value to a date value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a string or numeric type. - -A string will only be successfully converted if it's respecting the format -`yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` (to convert dates in other formats, use <>). For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/date.csv-spec[tag=to_datetime-str] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/date.csv-spec[tag=to_datetime-str-result] -|=== - -Note that in this example, the last value in the source multi-valued -field has not been converted. The reason being that if the date format is not -respected, the conversion will result in a *null* value. When this happens a -_Warning_ header is added to the response. The header will provide information -on the source of the failure: - -`"Line 1:112: evaluation of [TO_DATETIME(string)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"java.lang.IllegalArgumentException: failed to parse date field [1964-06-02 00:00:00] with format [yyyy-MM-dd'T'HH:mm:ss.SSS'Z']"` - - -If the input parameter is of a numeric type, its value will be interpreted as -milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch]. -For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/date.csv-spec[tag=to_datetime-int] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/date.csv-spec[tag=to_datetime-int-result] -|=== - -Alias: TO_DT diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_degrees.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_degrees.asciidoc deleted file mode 100644 index 71b480253fe35..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_degrees.asciidoc +++ /dev/null @@ -1,19 +0,0 @@ -[discrete] -[[esql-to_degrees]] -=== `TO_DEGREES` -Converts a number in https://en.wikipedia.org/wiki/Radian[radians] -to https://en.wikipedia.org/wiki/Degree_(angle)[degrees]. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a numeric type and result is always `double`. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=to_degrees] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=to_degrees-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_double.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_double.asciidoc deleted file mode 100644 index 27ad84e4c7762..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_double.asciidoc +++ /dev/null @@ -1,38 +0,0 @@ -[discrete] -[[esql-to_double]] -=== `TO_DOUBLE` -Converts an input value to a double value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a boolean, date, string or numeric type. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=to_double-str] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=to_double-str-result] -|=== - -Note that in this example, the last conversion of the string isn't -possible. When this happens, the result is a *null* value. In this case a -_Warning_ header is added to the response. The header will provide information -on the source of the failure: - -`"Line 1:115: evaluation of [TO_DOUBLE(str2)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"java.lang.NumberFormatException: For input string: \"foo\""` - - -If the input parameter is of a date type, its value will be interpreted as -milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], -converted to double. - -Boolean *true* will be converted to double *1.0*, *false* to *0.0*. - -Alias: TO_DBL diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_integer.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_integer.asciidoc deleted file mode 100644 index e185b87d6d95d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_integer.asciidoc +++ /dev/null @@ -1,38 +0,0 @@ -[discrete] -[[esql-to_integer]] -=== `TO_INTEGER` -Converts an input value to an integer value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a boolean, date, string or numeric type. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/ints.csv-spec[tag=to_int-long] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/ints.csv-spec[tag=to_int-long-result] -|=== - -Note that in this example, the last value of the multi-valued field cannot -be converted as an integer. When this happens, the result is a *null* value. -In this case a _Warning_ header is added to the response. The header will -provide information on the source of the failure: - -`"Line 1:61: evaluation of [TO_INTEGER(long)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"org.elasticsearch.xpack.ql.QlIllegalArgumentException: [501379200000] out of [integer] range"` - - -If the input parameter is of a date type, its value will be interpreted as -milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], -converted to integer. - -Boolean *true* will be converted to integer *1*, *false* to *0*. - -Alias: TO_INT diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_ip.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_ip.asciidoc deleted file mode 100644 index dea147eba1a41..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_ip.asciidoc +++ /dev/null @@ -1,28 +0,0 @@ -[discrete] -[[esql-to_ip]] -=== `TO_IP` -Converts an input string to an IP value. - -The input can be a single- or multi-valued field or an expression. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/ip.csv-spec[tag=to_ip] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/ip.csv-spec[tag=to_ip-result] -|=== - -Note that in the example above the last conversion of the string isn't -possible. When this happens, the result is a *null* value. In this case a -_Warning_ header is added to the response. The header will provide information -on the source of the failure: - -`"Line 1:68: evaluation of [TO_IP(str2)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"java.lang.IllegalArgumentException: 'foo' is not an IP string literal."` diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_long.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_long.asciidoc deleted file mode 100644 index 9501c28a31657..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_long.asciidoc +++ /dev/null @@ -1,36 +0,0 @@ -[discrete] -[[esql-to_long]] -=== `TO_LONG` -Converts an input value to a long value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a boolean, date, string or numeric type. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/ints.csv-spec[tag=to_long-str] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/ints.csv-spec[tag=to_long-str-result] -|=== - -Note that in this example, the last conversion of the string isn't -possible. When this happens, the result is a *null* value. In this case a -_Warning_ header is added to the response. The header will provide information -on the source of the failure: - -`"Line 1:113: evaluation of [TO_LONG(str3)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"java.lang.NumberFormatException: For input string: \"foo\""` - - -If the input parameter is of a date type, its value will be interpreted as -milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], -converted to long. - -Boolean *true* will be converted to long *1*, *false* to *0*. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_radians.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_radians.asciidoc deleted file mode 100644 index 1f86f1fb983cc..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_radians.asciidoc +++ /dev/null @@ -1,19 +0,0 @@ -[discrete] -[[esql-to_radians]] -=== `TO_RADIANS` -Converts a number in https://en.wikipedia.org/wiki/Degree_(angle)[degrees] to -https://en.wikipedia.org/wiki/Radian[radians]. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a numeric type and result is always `double`. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/floats.csv-spec[tag=to_radians] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/floats.csv-spec[tag=to_radians-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_string.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_string.asciidoc deleted file mode 100644 index d03b6511b8de5..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_string.asciidoc +++ /dev/null @@ -1,33 +0,0 @@ -[discrete] -[[esql-to_string]] -=== `TO_STRING` -[.text-center] -image::esql/functions/signature/to_string.svg[Embedded,opts=inline] - -Converts a field into a string. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=to_string] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=to_string-result] -|=== - -It also works fine on multivalued fields: - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=to_string_multivalue] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=to_string_multivalue-result] -|=== - -Alias: TO_STR - -Supported types: - -include::types/to_string.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_unsigned_long.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_unsigned_long.asciidoc deleted file mode 100644 index af3ff05bf055c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_unsigned_long.asciidoc +++ /dev/null @@ -1,38 +0,0 @@ -[discrete] -[[esql-to_unsigned_long]] -=== `TO_UNSIGNED_LONG` -Converts an input value to an unsigned long value. - -The input can be a single- or multi-valued field or an expression. The input -type must be of a boolean, date, string or numeric type. - -Example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/ints.csv-spec[tag=to_unsigned_long-str] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/ints.csv-spec[tag=to_unsigned_long-str-result] -|=== - -Note that in this example, the last conversion of the string isn't -possible. When this happens, the result is a *null* value. In this case a -_Warning_ header is added to the response. The header will provide information -on the source of the failure: - -`"Line 1:133: evaluation of [TO_UL(str3)] failed, treating result as null. Only first 20 failures recorded."` - -A following header will contain the failure reason and the offending value: - -`"java.lang.NumberFormatException: Character f is neither a decimal digit number, decimal point, nor \"e\" notation exponential mark."` - - -If the input parameter is of a date type, its value will be interpreted as -milliseconds since the https://en.wikipedia.org/wiki/Unix_time[Unix epoch], -converted to unsigned long. - -Boolean *true* will be converted to unsigned long *1*, *false* to *0*. - -Alias: TO_ULONG, TO_UL diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_version.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_version.asciidoc deleted file mode 100644 index 33419233c4788..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/to_version.asciidoc +++ /dev/null @@ -1,24 +0,0 @@ -[discrete] -[[esql-to_version]] -=== `TO_VERSION` -[.text-center] -image::esql/functions/signature/to_version.svg[Embedded,opts=inline] - -Converts an input string to a version value. For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/version.csv-spec[tag=to_version] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/version.csv-spec[tag=to_version-result] -|=== - -The input can be a single- or multi-valued field or an expression. - -Alias: TO_VER - -Supported types: - -include::types/to_version.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/trim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/trim.asciidoc deleted file mode 100644 index 6ace6118dd757..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/trim.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[discrete] -[[esql-trim]] -=== `TRIM` -[.text-center] -image::esql/functions/signature/trim.svg[Embedded,opts=inline] - -Removes leading and trailing whitespaces from strings. - -[source.merge.styled,esql] ----- -include::{esql-specs}/string.csv-spec[tag=trim] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/string.csv-spec[tag=trim-result] -|=== - -Supported types: - -include::types/trim.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/type_conversion_functions.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/type_conversion_functions.asciidoc deleted file mode 100644 index 640006c936526..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/type_conversion_functions.asciidoc +++ /dev/null @@ -1,34 +0,0 @@ -[[esql-type-conversion-functions]] -==== {esql} type conversion functions - -++++ -Type conversion functions -++++ - -{esql} supports these type conversion functions: - -// tag::type_list[] -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -// end::type_list[] - -include::to_boolean.asciidoc[] -include::to_datetime.asciidoc[] -include::to_degrees.asciidoc[] -include::to_double.asciidoc[] -include::to_integer.asciidoc[] -include::to_ip.asciidoc[] -include::to_long.asciidoc[] -include::to_radians.asciidoc[] -include::to_string.asciidoc[] -include::to_unsigned_long.asciidoc[] -include::to_version.asciidoc[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/abs.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/abs.asciidoc deleted file mode 100644 index 54341360fed3f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/abs.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | integer -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/acos.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/acos.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/acos.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/asin.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/asin.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/asin.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan2.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan2.asciidoc deleted file mode 100644 index 74fffe9056a16..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/atan2.asciidoc +++ /dev/null @@ -1,20 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -y | x | result -double | double | double -double | integer | double -double | long | double -double | unsigned_long | double -integer | double | double -integer | integer | double -integer | long | double -integer | unsigned_long | double -long | double | double -long | integer | double -long | long | double -long | unsigned_long | double -unsigned_long | double | double -unsigned_long | integer | double -unsigned_long | long | double -unsigned_long | unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/auto_bucket.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/auto_bucket.asciidoc deleted file mode 100644 index d2f134b99fbb0..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/auto_bucket.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | arg3 | arg4 | result - -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/case.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/case.asciidoc deleted file mode 100644 index 7062d7000115a..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/case.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result - -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ceil.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ceil.asciidoc deleted file mode 100644 index 54341360fed3f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ceil.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | integer -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/coalesce.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/coalesce.asciidoc deleted file mode 100644 index e36316ab87bb5..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/coalesce.asciidoc +++ /dev/null @@ -1,9 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -boolean | boolean | boolean -integer | integer | integer -keyword | keyword | keyword -long | long | long -text | text | text -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/concat.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/concat.asciidoc deleted file mode 100644 index f422b45f0b34c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/concat.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | keyword | keyword -text | text | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cos.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cos.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cos.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cosh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cosh.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/cosh.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_extract.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_extract.asciidoc deleted file mode 100644 index 9963c85b2af85..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_extract.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | datetime | long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_parse.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_parse.asciidoc deleted file mode 100644 index f4922b9bf9c61..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/date_parse.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -datePattern | dateString | result -keyword | keyword | datetime -keyword | text | datetime -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/e.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/e.asciidoc deleted file mode 100644 index 5854465d5fb49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/e.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -result - -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ends_with.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ends_with.asciidoc deleted file mode 100644 index 6c406b80c0cad..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ends_with.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | keyword | boolean -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/floor.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/floor.asciidoc deleted file mode 100644 index 54341360fed3f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/floor.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | integer -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/greatest.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/greatest.asciidoc deleted file mode 100644 index 0e4ebb2d45a31..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/greatest.asciidoc +++ /dev/null @@ -1,12 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -first | rest | result -boolean | boolean | boolean -double | double | double -integer | integer | integer -ip | ip | ip -keyword | keyword | keyword -long | long | long -text | text | text -version | version | version -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_finite.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_finite.asciidoc deleted file mode 100644 index 0c555059004c1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_finite.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -double | boolean -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_infinite.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_infinite.asciidoc deleted file mode 100644 index 0c555059004c1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/is_infinite.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -double | boolean -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/least.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/least.asciidoc deleted file mode 100644 index 0e4ebb2d45a31..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/least.asciidoc +++ /dev/null @@ -1,12 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -first | rest | result -boolean | boolean | boolean -double | double | double -integer | integer | integer -ip | ip | ip -keyword | keyword | keyword -long | long | long -text | text | text -version | version | version -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/left.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/left.asciidoc deleted file mode 100644 index c30a055f3be49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/left.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -string | length | result -keyword | integer | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/length.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/length.asciidoc deleted file mode 100644 index 9af62defcb2a9..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/length.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -keyword | integer -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/log10.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/log10.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/log10.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ltrim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ltrim.asciidoc deleted file mode 100644 index 11c02c8f0c3bb..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/ltrim.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -keyword | keyword -text | text -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_avg.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_avg.asciidoc deleted file mode 100644 index dd4f6b0725cc8..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_avg.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_concat.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_concat.asciidoc deleted file mode 100644 index 2836799f335e8..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_concat.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | keyword | keyword -keyword | text | keyword -text | keyword | keyword -text | text | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_count.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_count.asciidoc deleted file mode 100644 index 2fcdfc65fa63b..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_count.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -boolean | integer -double | integer -integer | integer -keyword | integer -long | integer -unsigned_long | integer -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_dedupe.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_dedupe.asciidoc deleted file mode 100644 index 4e12c68422662..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_dedupe.asciidoc +++ /dev/null @@ -1,9 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -boolean | boolean -double | double -integer | integer -keyword | keyword -long | long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_max.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_max.asciidoc deleted file mode 100644 index 50740a71e4b49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_max.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -boolean | boolean -double | double -integer | integer -keyword | keyword -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_median.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_median.asciidoc deleted file mode 100644 index f1831429aa95c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_median.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -double | double -integer | integer -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_min.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_min.asciidoc deleted file mode 100644 index 50740a71e4b49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_min.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -boolean | boolean -double | double -integer | integer -keyword | keyword -long | long -unsigned_long | unsigned_long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_sum.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_sum.asciidoc deleted file mode 100644 index 09cb78511d275..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/mv_sum.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -double | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pi.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pi.asciidoc deleted file mode 100644 index 5854465d5fb49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pi.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -result - -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pow.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pow.asciidoc deleted file mode 100644 index 37bddc60c118f..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/pow.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -base | exponent | result -double | double | double -double | integer | double -integer | double | double -integer | integer | integer -long | double | double -long | integer | long -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/replace.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/replace.asciidoc deleted file mode 100644 index 6824d1fd97128..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/replace.asciidoc +++ /dev/null @@ -1,12 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | arg3 | result -keyword | keyword | keyword | keyword -keyword | keyword | text | keyword -keyword | text | keyword | keyword -keyword | text | text | keyword -text | keyword | keyword | keyword -text | keyword | text | keyword -text | text | keyword | keyword -text | text | text | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/right.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/right.asciidoc deleted file mode 100644 index c30a055f3be49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/right.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -string | length | result -keyword | integer | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/round.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/round.asciidoc deleted file mode 100644 index 5ba9e2f776d75..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/round.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -double | integer | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/rtrim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/rtrim.asciidoc deleted file mode 100644 index 11c02c8f0c3bb..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/rtrim.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -keyword | keyword -text | text -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sin.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sin.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sin.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sinh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sinh.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sinh.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/split.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/split.asciidoc deleted file mode 100644 index f1f744dbe4126..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/split.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | keyword | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sqrt.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sqrt.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/sqrt.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/starts_with.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/starts_with.asciidoc deleted file mode 100644 index 6c406b80c0cad..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/starts_with.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | result -keyword | keyword | boolean -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/substring.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/substring.asciidoc deleted file mode 100644 index 2aa96ceeb7e43..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/substring.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | arg2 | arg3 | result -keyword | integer | integer | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tan.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tan.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tan.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tanh.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tanh.asciidoc deleted file mode 100644 index 1df8dd6526f18..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tanh.asciidoc +++ /dev/null @@ -1,8 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -n | result -double | double -integer | double -long | double -unsigned_long | double -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tau.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tau.asciidoc deleted file mode 100644 index 5854465d5fb49..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/tau.asciidoc +++ /dev/null @@ -1,5 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -result - -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_ip.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_ip.asciidoc deleted file mode 100644 index a21bbf14d87ca..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_ip.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -ip | ip -keyword | ip -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_string.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_string.asciidoc deleted file mode 100644 index b8fcd4477aa70..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_string.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -v | result -boolean | keyword -datetime | keyword -double | keyword -integer | keyword -ip | keyword -keyword | keyword -long | keyword -text | keyword -unsigned_long | keyword -version | keyword -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_version.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_version.asciidoc deleted file mode 100644 index ebb83f03a6fe6..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/to_version.asciidoc +++ /dev/null @@ -1,7 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -v | result -keyword | version -text | version -version | version -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/trim.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/trim.asciidoc deleted file mode 100644 index 11c02c8f0c3bb..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/functions/types/trim.asciidoc +++ /dev/null @@ -1,6 +0,0 @@ -[%header.monospaced.styled,format=dsv,separator=|] -|=== -arg1 | result -keyword | keyword -text | text -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/index.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/index.asciidoc deleted file mode 100644 index 09b74740a5b67..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/index.asciidoc +++ /dev/null @@ -1,71 +0,0 @@ -[[esql]] -= {esql} - -:esql-tests: {xes-repo-dir}/../../plugin/esql/qa -:esql-specs: {esql-tests}/testFixtures/src/main/resources - -[partintro] - -preview::[] - -The {es} Query Language ({esql}) provides a powerful way to filter, transform, and analyze data stored in {es}. -Users can author {esql} queries to find specific events, perform statistical analysis, and generate visualizations. -It supports a wide range of commands and functions that enable users to perform various data operations, -such as filtering, aggregation, time-series analysis, and more. - -The {es} Query Language ({esql}) makes use of "pipes" to manipulate and transform data in a step-by-step fashion. -This approach allows users to compose a series of operations, where the output of one operation becomes the input for the next, -enabling complex data transformations and analysis. - -A simple example of an {esql} query is shown below: -[source,esql] ----- -FROM employees -| EVAL age = DATE_DIFF(NOW(), birth_date, 'Y') -| STATS AVG(age) BY department -| SORT age DESC ----- - -Each {esql} query starts with a <>. A source command produces -a table, typically with data from {es}. - -image::images/esql/source-command.svg[A source command producing a table from {es},align="center"] - -A source command can be followed by one or more -<>. Processing commands change an -input table by adding, removing, or changing rows and columns. -Processing commands can perform filtering, projection, aggregation, and more. - -image::images/esql/processing-command.svg[A processing command changing an input table,align="center"] - -You can chain processing commands, separated by a pipe character: `|`. Each -processing command works on the output table of the previous command. - -image::images/esql/chaining-processing-commands.svg[Processing commands can be chained,align="center"] - -The result of a query is the table produced by the final processing command. - -[discrete] -=== The {esql} Compute Engine - -{esql} is more than a language. It represents a significant investment in new compute capabilities within {es}. -To achieve both the functional and performance requirements for {esql}, it was necessary to build an entirely new -compute architecture. {esql} search, aggregation, and transformation functions are directly executed within Elasticsearch -itself. Query expressions are not transpiled to Query DSL for execution. This approach allows {esql} to be extremely performant and versatile. - -The new {esql} execution engine was designed with performance in mind — it operates on blocks at a time instead of per row, targets vectorization and cache locality, and embraces specialization and multi-threading. It is a separate component from the existing Elasticsearch aggregation framework with different performance characteristics. - -include::esql-get-started.asciidoc[] - -include::esql-language.asciidoc[] - -include::esql-rest.asciidoc[] - -include::esql-kibana.asciidoc[] - -include::task-management.asciidoc[] - -include::esql-limitations.asciidoc[] - -:esql-tests!: -:esql-specs!: diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/metadata_fields.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/metadata_fields.asciidoc deleted file mode 100644 index c034d4d0dd2b3..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/metadata_fields.asciidoc +++ /dev/null @@ -1,55 +0,0 @@ -[[esql-metadata-fields]] -=== {esql} metadata fields - -++++ -Metadata fields -++++ - -{esql} can access <>. The currently -supported ones are: - - * <>: the index to which the document belongs. - The field is of the type <>. - - * <>: the source document's ID. The field is of the - type <>. - - * `_version`: the source document's version. The field is of the type - <>. - -To enable the access to these fields, the <> source command needs -to be provided with a dedicated directive: - -[source,esql] ----- -FROM index [METADATA _index, _id] ----- - -Metadata fields are only available if the source of the data is an index. -Consequently, `FROM` is the only source commands that supports the `METADATA` -directive. - -Once enabled, the fields are then available to subsequent processing commands, just -like the other index fields: - -[source.merge.styled,esql] ----- -include::{esql-specs}/metadata-ignoreCsvTests.csv-spec[tag=multipleIndices] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/metadata-ignoreCsvTests.csv-spec[tag=multipleIndices-result] -|=== - -Also, similar to the index fields, once an aggregation is performed, a -metadata field will no longer be accessible to subsequent commands, unless -used as grouping field: - -[source.merge.styled,esql] ----- -include::{esql-specs}/metadata-ignoreCsvTests.csv-spec[tag=metaIndexInAggs] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/metadata-ignoreCsvTests.csv-spec[tag=metaIndexInAggs-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/multivalued_fields.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/multivalued_fields.asciidoc deleted file mode 100644 index 5e48eb4ef8af8..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/multivalued_fields.asciidoc +++ /dev/null @@ -1,240 +0,0 @@ -[[esql-multivalued-fields]] -=== {esql} multivalued fields - -++++ -Multivalued fields -++++ - -{esql} is fine reading from multivalued fields: - -[source,console,id=esql-multivalued-fields-reorders] ----- -POST /mv/_bulk?refresh -{ "index" : {} } -{ "a": 1, "b": [2, 1] } -{ "index" : {} } -{ "a": 2, "b": 3 } - -POST /_query -{ - "query": "FROM mv | LIMIT 2" -} ----- - -Multivalued fields come back as a JSON array: - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "long"} - ], - "values": [ - [1, [1, 2]], - [2, 3] - ] -} ----- - -The relative order of values in a multivalued field is undefined. They'll frequently be in -ascending order but don't rely on that. - -[discrete] -[[esql-multivalued-fields-dups]] -==== Duplicate values - -Some field types, like <> remove duplicate values on write: - -[source,console,id=esql-multivalued-fields-kwdups] ----- -PUT /mv -{ - "mappings": { - "properties": { - "b": {"type": "keyword"} - } - } -} - -POST /mv/_bulk?refresh -{ "index" : {} } -{ "a": 1, "b": ["foo", "foo", "bar"] } -{ "index" : {} } -{ "a": 2, "b": ["bar", "bar"] } - -POST /_query -{ - "query": "FROM mv | LIMIT 2" -} ----- - -And {esql} sees that removal: - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "keyword"} - ], - "values": [ - [1, ["bar", "foo"]], - [2, "bar"] - ] -} ----- - -But other types, like `long` don't remove duplicates. - -[source,console,id=esql-multivalued-fields-longdups] ----- -PUT /mv -{ - "mappings": { - "properties": { - "b": {"type": "long"} - } - } -} - -POST /mv/_bulk?refresh -{ "index" : {} } -{ "a": 1, "b": [2, 2, 1] } -{ "index" : {} } -{ "a": 2, "b": [1, 1] } - -POST /_query -{ - "query": "FROM mv | LIMIT 2" -} ----- - -And {esql} also sees that: - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "long"} - ], - "values": [ - [1, [1, 2, 2]], - [2, [1, 1]] - ] -} ----- - -This is all at the storage layer. If you store duplicate `long`s and then -convert them to strings the duplicates will stay: - -[source,console,id=esql-multivalued-fields-longdups-tostring] ----- -PUT /mv -{ - "mappings": { - "properties": { - "b": {"type": "long"} - } - } -} - -POST /mv/_bulk?refresh -{ "index" : {} } -{ "a": 1, "b": [2, 2, 1] } -{ "index" : {} } -{ "a": 2, "b": [1, 1] } - -POST /_query -{ - "query": "FROM mv | EVAL b=TO_STRING(b) | LIMIT 2" -} ----- - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "keyword"} - ], - "values": [ - [1, ["1", "2", "2"]], - [2, ["1", "1"]] - ] -} ----- - -[discrete] -[[esql-multivalued-fields-functions]] -==== Functions - -Unless otherwise documented functions will return `null` when applied to a multivalued -field. This behavior may change in a later version. - -[source,console,id=esql-multivalued-fields-mv-into-null] ----- -POST /mv/_bulk?refresh -{ "index" : {} } -{ "a": 1, "b": [2, 1] } -{ "index" : {} } -{ "a": 2, "b": 3 } - -POST /_query -{ - "query": "FROM mv | EVAL b + 2, a + b | LIMIT 4" -} ----- - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "long"}, - { "name": "b+2", "type": "long"}, - { "name": "a+b", "type": "long"} - ], - "values": [ - [1, [1, 2], null, null], - [2, 3, 5, 5] - ] -} ----- - -Work around this limitation by converting the field to single value with one of: - -* <> -* <> -* <> -* <> -* <> -* <> -* <> - -[source,console,esql-multivalued-fields-mv-into-null] ----- -POST /_query -{ - "query": "FROM mv | EVAL b=MV_MIN(b) | EVAL b + 2, a + b | LIMIT 4" -} ----- -// TEST[continued] - -[source,console-result] ----- -{ - "columns": [ - { "name": "a", "type": "long"}, - { "name": "b", "type": "long"}, - { "name": "b+2", "type": "long"}, - { "name": "a+b", "type": "long"} - ], - "values": [ - [1, 1, 3, 2], - [2, 3, 5, 5] - ] -} ----- - diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/dissect.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/dissect.asciidoc deleted file mode 100644 index e6206615342f7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/dissect.asciidoc +++ /dev/null @@ -1,19 +0,0 @@ -[discrete] -[[esql-dissect]] -=== `DISSECT` - -`DISSECT` enables you to extract structured data out of a string. `DISSECT` -matches the string against a delimiter-based pattern, and extracts the specified -keys as columns. - -Refer to the <> for the -syntax of dissect patterns. - -[source.merge.styled,esql] ----- -include::{esql-specs}/dissect.csv-spec[tag=dissect] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/dissect.csv-spec[tag=dissect-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/drop.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/drop.asciidoc deleted file mode 100644 index 50e3b27fb1b28..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/drop.asciidoc +++ /dev/null @@ -1,18 +0,0 @@ -[discrete] -[[esql-drop]] -=== `DROP` - -Use `DROP` to remove columns: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=dropheight] ----- - -Rather than specify each column by name, you can use wildcards to drop all -columns with a name that matches a pattern: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=dropheightwithwildcard] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/enrich.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/enrich.asciidoc deleted file mode 100644 index 1e489119d4ca3..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/enrich.asciidoc +++ /dev/null @@ -1,101 +0,0 @@ -[discrete] -[[esql-enrich]] -=== `ENRICH` - -**Syntax** - -[source,txt] ----- -ENRICH policy [ON match_field] [WITH [new_name1 = ]field1, [new_name2 = ]field2, ...] ----- - -*Parameters* - -`policy`:: -The name of the enrich policy. You need to <> -and <> the enrich policy first. - -`ON match_field`:: -The match field. `ENRICH` uses its value to look for records in the enrich -index. If not specified, the match will be performed on the column with the same -name as the `match_field` defined in the <>. - -`WITH fieldX`:: -The enrich fields from the enrich index that are added to the result as new -columns. If a column with the same name as the enrich field already exists, the -existing column will be replaced by the new column. If not specified, each of -the enrich fields defined in the policy is added - -`new_nameX =`:: -Enables you to change the name of the column that's added for each of the enrich -fields. Defaults to the enrich field name. - -*Description* - -`ENRICH` enables you to add data from existing indices as new columns using an -enrich policy. Refer to <> for information about setting up a -policy. - -image::images/esql/esql-enrich.png[align="center"] - -TIP: Before you can use `ENRICH`, you need to <>. - -*Examples* - -// tag::examples[] -The following example uses the `languages_policy` enrich policy to add a new -column for each enrich field defined in the policy. The match is performed using -the `match_field` defined in the <> and -requires that the input table has a column with the same name (`language_code` -in this example). `ENRICH` will look for records in the -<> based on the match field value. - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich-result] -|=== - -To use a column with a different name than the `match_field` defined in the -policy as the match field, use `ON `: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_on] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_on-result] -|=== - -By default, each of the enrich fields defined in the policy is added as a -column. To explicitly select the enrich fields that are added, use -`WITH , ...`: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_with] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_with-result] -|=== - -You can rename the columns that are added using `WITH new_name=`: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_rename] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs-ignoreCsvTests.csv-spec[tag=enrich_rename-result] -|=== - -In case of name collisions, the newly created columns will override existing -columns. -// end::examples[] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/eval.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/eval.asciidoc deleted file mode 100644 index a0a78f2a3bf97..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/eval.asciidoc +++ /dev/null @@ -1,30 +0,0 @@ -[discrete] -[[esql-eval]] -=== `EVAL` -`EVAL` enables you to append new columns: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=eval] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=eval-result] -|=== - -If the specified column already exists, the existing column will be dropped, and -the new column will be appended to the table: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=evalReplace] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=evalReplace-result] -|=== - -[discrete] -==== Functions -`EVAL` supports various functions for calculating values. Refer to -<> for more information. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/grok.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/grok.asciidoc deleted file mode 100644 index 914c13b2320eb..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/grok.asciidoc +++ /dev/null @@ -1,21 +0,0 @@ -[discrete] -[[esql-grok]] -=== `GROK` - -`GROK` enables you to extract structured data out of a string. `GROK` matches -the string against patterns, based on regular expressions, and extracts the -specified patterns as columns. - -Refer to the <> for the syntax for -of grok patterns. - -For example: - -[source.merge.styled,esql] ----- -include::{esql-specs}/grok.csv-spec[tag=grok] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/grok.csv-spec[tag=grok-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/keep.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/keep.asciidoc deleted file mode 100644 index 3e54e5a7d1c5c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/keep.asciidoc +++ /dev/null @@ -1,35 +0,0 @@ -[discrete] -[[esql-keep]] -=== `KEEP` - -The `KEEP` command enables you to specify what columns are returned and the -order in which they are returned. - -To limit the columns that are returned, use a comma-separated list of column -names. The columns are returned in the specified order: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=keep] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=keep-result] -|=== - -Rather than specify each column by name, you can use wildcards to return all -columns with a name that matches a pattern: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=keepWildcard] ----- - -The asterisk wildcard (`*`) by itself translates to all columns that do not -match the other arguments. This query will first return all columns with a name -that starts with an h, followed by all other columns: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=keepDoubleWildcard] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/limit.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/limit.asciidoc deleted file mode 100644 index c02b534af59e1..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/limit.asciidoc +++ /dev/null @@ -1,13 +0,0 @@ -[discrete] -[[esql-limit]] -=== `LIMIT` - -The `LIMIT` processing command enables you to limit the number of rows: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=limit] ----- - -If not specified, `LIMIT` defaults to `500`. A single query will not return -more than 10,000 rows, regardless of the `LIMIT` value. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/mv_expand.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/mv_expand.asciidoc deleted file mode 100644 index d62b28aabe440..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/mv_expand.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -[discrete] -[[esql-mv_expand]] -=== `MV_EXPAND` - -The `MV_EXPAND` processing command expands multivalued fields into one row per value, duplicating other fields: - -[source.merge.styled,esql] ----- -include::{esql-specs}/mv_expand.csv-spec[tag=simple] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/mv_expand.csv-spec[tag=simple-result] -|=== diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/rename.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/rename.asciidoc deleted file mode 100644 index 1dda424317976..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/rename.asciidoc +++ /dev/null @@ -1,27 +0,0 @@ -[discrete] -[[esql-rename]] -=== `RENAME` - -Use `RENAME` to rename a column using the following syntax: - -[source,esql] ----- -RENAME AS ----- - -For example: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=rename] ----- - -If a column with the new name already exists, it will be replaced by the new -column. - -Multiple columns can be renamed with a single `RENAME` command: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=renameMultipleColumns] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/sort.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/sort.asciidoc deleted file mode 100644 index 76a9193375932..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/sort.asciidoc +++ /dev/null @@ -1,37 +0,0 @@ -[discrete] -[[esql-sort]] -=== `SORT` -Use the `SORT` command to sort rows on one or more fields: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=sort] ----- - -The default sort order is ascending. Set an explicit sort order using `ASC` or -`DESC`: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=sortDesc] ----- - -Two rows with the same sort key are considered equal. You can provide additional -sort expressions to act as tie breakers: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=sortTie] ----- - -[discrete] -==== `null` values -By default, `null` values are treated as being larger than any other value. With -an ascending sort order, `null` values are sorted last, and with a descending -sort order, `null` values are sorted first. You can change that by providing -`NULLS FIRST` or `NULLS LAST`: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=sortNullsFirst] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/stats.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/stats.asciidoc deleted file mode 100644 index 71f4470e3dfb0..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/stats.asciidoc +++ /dev/null @@ -1,45 +0,0 @@ -[discrete] -[[esql-stats-by]] -=== `STATS ... BY` -Use `STATS ... BY` to group rows according to a common value and calculate one -or more aggregated values over the grouped rows. - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=stats] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=stats-result] -|=== - -If `BY` is omitted, the output table contains exactly one row with the -aggregations applied over the entire dataset: - -[source.merge.styled,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=statsWithoutBy] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/docs.csv-spec[tag=statsWithoutBy-result] -|=== - -It's possible to calculate multiple values: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=statsCalcMultipleValues] ----- - -It's also possible to group by multiple values (only supported for long and -keyword family fields): - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=statsGroupByMultipleValues] ----- - -The following aggregation functions are supported: - -include::../functions/aggregation-functions.asciidoc[tag=agg_list] diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/where.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/where.asciidoc deleted file mode 100644 index 8dd55df12b9e7..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/processing_commands/where.asciidoc +++ /dev/null @@ -1,33 +0,0 @@ -[discrete] -[[esql-where]] -=== `WHERE` - -Use `WHERE` to produce a table that contains all the rows from the input table -for which the provided condition evaluates to `true`: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=where] ----- - -Which, if `still_hired` is a boolean field, can be simplified to: - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=whereBoolean] ----- - -[discrete] -==== Operators - -Refer to <> for an overview of the supported operators. - -[discrete] -==== Functions -`WHERE` supports various functions for calculating values. Refer to -<> for more information. - -[source,esql] ----- -include::{esql-specs}/docs.csv-spec[tag=whereFunction] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc deleted file mode 100644 index 5718bfc27ac1c..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc +++ /dev/null @@ -1,37 +0,0 @@ -[discrete] -[[esql-from]] -=== `FROM` - -The `FROM` source command returns a table with up to 10,000 documents from a -data stream, index, or alias. Each row in the resulting table represents a -document. Each column corresponds to a field, and can be accessed by the name -of that field. - -[source,esql] ----- -FROM employees ----- - -You can use <> to refer to indices, aliases -and data streams. This can be useful for time series data, for example to access -today's index: - -[source,esql] ----- -FROM ----- - -Use comma-separated lists or wildcards to query multiple data streams, indices, -or aliases: - -[source,esql] ----- -FROM employees-00001,other-employees-* ----- - -Use the `METADATA` directive to enable <>: - -[source,esql] ----- -FROM employees [METADATA _id] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/row.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/row.asciidoc deleted file mode 100644 index edfe5ecbf7cf3..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/row.asciidoc +++ /dev/null @@ -1,29 +0,0 @@ -[discrete] -[[esql-row]] -=== `ROW` - -The `ROW` source command produces a row with one or more columns with values -that you specify. This can be useful for testing. - -[source.merge.styled,esql] ----- -include::{esql-specs}/row.csv-spec[tag=example] ----- -[%header.monospaced.styled,format=dsv,separator=|] -|=== -include::{esql-specs}/row.csv-spec[tag=example-result] -|=== - -Use square brackets to create multi-value columns: - -[source,esql] ----- -include::{esql-specs}/row.csv-spec[tag=multivalue] ----- - -`ROW` supports the use of <>: - -[source,esql] ----- -include::{esql-specs}/row.csv-spec[tag=function] ----- diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/show.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/show.asciidoc deleted file mode 100644 index 956baf628e9f3..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/show.asciidoc +++ /dev/null @@ -1,10 +0,0 @@ -[discrete] -[[esql-show]] -=== `SHOW ` - -The `SHOW ` source command returns information about the deployment and -its capabilities: - -* Use `SHOW INFO` to return the deployment's version, build date and hash. -* Use `SHOW FUNCTIONS` to return a list of all supported functions and a -synopsis of each function. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/task_management.asciidoc b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/task_management.asciidoc deleted file mode 100644 index 96a624c89bf7d..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/task_management.asciidoc +++ /dev/null @@ -1,35 +0,0 @@ -[[esql-task-management]] -== {esql} task management - -++++ -Task management -++++ - -You can list running {esql} queries with the <>: - -[source,console,id=esql-task-management-get-all] ----- -GET /_tasks?pretty&detailed&group_by=parents&human&actions=*data/read/esql ----- - -Which returns a list of statuses like this: - -[source,js] ----- -include::{esql-specs}/query_task.json[] ----- -// NOTCONSOLE -// Tested in a unit test - -<1> The user submitted query. -<2> Time the query has been running. - -You can use this to find long running queries and, if you need to, cancel them -with the <>: - -[source,console,id=esql-task-management-cancelEsqlQueryRequestTests] ----- -POST _tasks/2j8UKw1bRO283PMwDugNNg:5326/_cancel ----- - -It may take a few seconds for the query to be stopped. diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.g4 b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.g4 deleted file mode 100644 index 747c1fdcd1921..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.g4 +++ /dev/null @@ -1,191 +0,0 @@ -lexer grammar EsqlBaseLexer; - -DISSECT : 'dissect' -> pushMode(EXPRESSION); -DROP : 'drop' -> pushMode(SOURCE_IDENTIFIERS); -ENRICH : 'enrich' -> pushMode(SOURCE_IDENTIFIERS); -EVAL : 'eval' -> pushMode(EXPRESSION); -EXPLAIN : 'explain' -> pushMode(EXPLAIN_MODE); -FROM : 'from' -> pushMode(SOURCE_IDENTIFIERS); -GROK : 'grok' -> pushMode(EXPRESSION); -INLINESTATS : 'inlinestats' -> pushMode(EXPRESSION); -KEEP : 'keep' -> pushMode(SOURCE_IDENTIFIERS); -LIMIT : 'limit' -> pushMode(EXPRESSION); -MV_EXPAND : 'mv_expand' -> pushMode(SOURCE_IDENTIFIERS); -PROJECT : 'project' -> pushMode(SOURCE_IDENTIFIERS); -RENAME : 'rename' -> pushMode(SOURCE_IDENTIFIERS); -ROW : 'row' -> pushMode(EXPRESSION); -SHOW : 'show' -> pushMode(EXPRESSION); -SORT : 'sort' -> pushMode(EXPRESSION); -STATS : 'stats' -> pushMode(EXPRESSION); -WHERE : 'where' -> pushMode(EXPRESSION); -UNKNOWN_CMD : ~[ \r\n\t[\]/]+ -> pushMode(EXPRESSION); - -LINE_COMMENT - : '//' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN) - ; - -MULTILINE_COMMENT - : '/*' (MULTILINE_COMMENT|.)*? '*/' -> channel(HIDDEN) - ; - -WS - : [ \r\n\t]+ -> channel(HIDDEN) - ; - - -mode EXPLAIN_MODE; -EXPLAIN_OPENING_BRACKET : '[' -> type(OPENING_BRACKET), pushMode(DEFAULT_MODE); -EXPLAIN_PIPE : '|' -> type(PIPE), popMode; -EXPLAIN_WS : WS -> channel(HIDDEN); -EXPLAIN_LINE_COMMENT : LINE_COMMENT -> channel(HIDDEN); -EXPLAIN_MULTILINE_COMMENT : MULTILINE_COMMENT -> channel(HIDDEN); - -mode EXPRESSION; - -PIPE : '|' -> popMode; - -fragment DIGIT - : [0-9] - ; - -fragment LETTER - : [A-Za-z] - ; - -fragment ESCAPE_SEQUENCE - : '\\' [tnr"\\] - ; - -fragment UNESCAPED_CHARS - : ~[\r\n"\\] - ; - -fragment EXPONENT - : [Ee] [+-]? DIGIT+ - ; - -STRING - : '"' (ESCAPE_SEQUENCE | UNESCAPED_CHARS)* '"' - | '"""' (~[\r\n])*? '"""' '"'? '"'? - ; - -INTEGER_LITERAL - : DIGIT+ - ; - -DECIMAL_LITERAL - : DIGIT+ DOT DIGIT* - | DOT DIGIT+ - | DIGIT+ (DOT DIGIT*)? EXPONENT - | DOT DIGIT+ EXPONENT - ; - -BY : 'by'; - -AND : 'and'; -ASC : 'asc'; -ASSIGN : '='; -COMMA : ','; -DESC : 'desc'; -DOT : '.'; -FALSE : 'false'; -FIRST : 'first'; -LAST : 'last'; -LP : '('; -IN: 'in'; -IS: 'is'; -LIKE: 'like'; -NOT : 'not'; -NULL : 'null'; -NULLS : 'nulls'; -OR : 'or'; -PARAM: '?'; -RLIKE: 'rlike'; -RP : ')'; -TRUE : 'true'; -INFO : 'info'; -FUNCTIONS : 'functions'; - -EQ : '=='; -NEQ : '!='; -LT : '<'; -LTE : '<='; -GT : '>'; -GTE : '>='; - -PLUS : '+'; -MINUS : '-'; -ASTERISK : '*'; -SLASH : '/'; -PERCENT : '%'; - -// Brackets are funny. We can happen upon a CLOSING_BRACKET in two ways - one -// way is to start in an explain command which then shifts us to expression -// mode. Thus, the two popModes on CLOSING_BRACKET. The other way could as -// the start of a multivalued field constant. To line up with the double pop -// the explain mode needs, we double push when we see that. -OPENING_BRACKET : '[' -> pushMode(EXPRESSION), pushMode(EXPRESSION); -CLOSING_BRACKET : ']' -> popMode, popMode; - - -UNQUOTED_IDENTIFIER - : LETTER (LETTER | DIGIT | '_')* - // only allow @ at beginning of identifier to keep the option to allow @ as infix operator in the future - // also, single `_` and `@` characters are not valid identifiers - | ('_' | '@') (LETTER | DIGIT | '_')+ - ; - -QUOTED_IDENTIFIER - : '`' ( ~'`' | '``' )* '`' - ; - -EXPR_LINE_COMMENT - : LINE_COMMENT -> channel(HIDDEN) - ; - -EXPR_MULTILINE_COMMENT - : MULTILINE_COMMENT -> channel(HIDDEN) - ; - -EXPR_WS - : WS -> channel(HIDDEN) - ; - - - -mode SOURCE_IDENTIFIERS; - -SRC_PIPE : '|' -> type(PIPE), popMode; -SRC_OPENING_BRACKET : '[' -> type(OPENING_BRACKET), pushMode(SOURCE_IDENTIFIERS), pushMode(SOURCE_IDENTIFIERS); -SRC_CLOSING_BRACKET : ']' -> popMode, popMode, type(CLOSING_BRACKET); -SRC_COMMA : ',' -> type(COMMA); -SRC_ASSIGN : '=' -> type(ASSIGN); -AS : 'as'; -METADATA: 'metadata'; -ON : 'on'; -WITH : 'with'; - -SRC_UNQUOTED_IDENTIFIER - : SRC_UNQUOTED_IDENTIFIER_PART+ - ; - -fragment SRC_UNQUOTED_IDENTIFIER_PART - : ~[=`|,[\]/ \t\r\n]+ - | '/' ~[*/] // allow single / but not followed by another / or * which would start a comment - ; - -SRC_QUOTED_IDENTIFIER - : QUOTED_IDENTIFIER - ; - -SRC_LINE_COMMENT - : LINE_COMMENT -> channel(HIDDEN) - ; - -SRC_MULTILINE_COMMENT - : MULTILINE_COMMENT -> channel(HIDDEN) - ; - -SRC_WS - : WS -> channel(HIDDEN) - ; diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.tokens b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.tokens deleted file mode 100644 index d8761f5eb0d73..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_lexer.tokens +++ /dev/null @@ -1,137 +0,0 @@ -DISSECT=1 -DROP=2 -ENRICH=3 -EVAL=4 -EXPLAIN=5 -FROM=6 -GROK=7 -INLINESTATS=8 -KEEP=9 -LIMIT=10 -MV_EXPAND=11 -PROJECT=12 -RENAME=13 -ROW=14 -SHOW=15 -SORT=16 -STATS=17 -WHERE=18 -UNKNOWN_CMD=19 -LINE_COMMENT=20 -MULTILINE_COMMENT=21 -WS=22 -EXPLAIN_WS=23 -EXPLAIN_LINE_COMMENT=24 -EXPLAIN_MULTILINE_COMMENT=25 -PIPE=26 -STRING=27 -INTEGER_LITERAL=28 -DECIMAL_LITERAL=29 -BY=30 -AND=31 -ASC=32 -ASSIGN=33 -COMMA=34 -DESC=35 -DOT=36 -FALSE=37 -FIRST=38 -LAST=39 -LP=40 -IN=41 -IS=42 -LIKE=43 -NOT=44 -NULL=45 -NULLS=46 -OR=47 -PARAM=48 -RLIKE=49 -RP=50 -TRUE=51 -INFO=52 -FUNCTIONS=53 -EQ=54 -NEQ=55 -LT=56 -LTE=57 -GT=58 -GTE=59 -PLUS=60 -MINUS=61 -ASTERISK=62 -SLASH=63 -PERCENT=64 -OPENING_BRACKET=65 -CLOSING_BRACKET=66 -UNQUOTED_IDENTIFIER=67 -QUOTED_IDENTIFIER=68 -EXPR_LINE_COMMENT=69 -EXPR_MULTILINE_COMMENT=70 -EXPR_WS=71 -AS=72 -METADATA=73 -ON=74 -WITH=75 -SRC_UNQUOTED_IDENTIFIER=76 -SRC_QUOTED_IDENTIFIER=77 -SRC_LINE_COMMENT=78 -SRC_MULTILINE_COMMENT=79 -SRC_WS=80 -EXPLAIN_PIPE=81 -'dissect'=1 -'drop'=2 -'enrich'=3 -'eval'=4 -'explain'=5 -'from'=6 -'grok'=7 -'inlinestats'=8 -'keep'=9 -'limit'=10 -'mv_expand'=11 -'project'=12 -'rename'=13 -'row'=14 -'show'=15 -'sort'=16 -'stats'=17 -'where'=18 -'by'=30 -'and'=31 -'asc'=32 -'desc'=35 -'.'=36 -'false'=37 -'first'=38 -'last'=39 -'('=40 -'in'=41 -'is'=42 -'like'=43 -'not'=44 -'null'=45 -'nulls'=46 -'or'=47 -'?'=48 -'rlike'=49 -')'=50 -'true'=51 -'info'=52 -'functions'=53 -'=='=54 -'!='=55 -'<'=56 -'<='=57 -'>'=58 -'>='=59 -'+'=60 -'-'=61 -'*'=62 -'/'=63 -'%'=64 -']'=66 -'as'=72 -'metadata'=73 -'on'=74 -'with'=75 diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.g4 b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.g4 deleted file mode 100644 index 044e920744375..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.g4 +++ /dev/null @@ -1,246 +0,0 @@ - -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -parser grammar EsqlBaseParser; - -options {tokenVocab=EsqlBaseLexer;} - -singleStatement - : query EOF - ; - -query - : sourceCommand #singleCommandQuery - | query PIPE processingCommand #compositeQuery - ; - -sourceCommand - : explainCommand - | fromCommand - | rowCommand - | showCommand - ; - -processingCommand - : evalCommand - | inlinestatsCommand - | limitCommand - | keepCommand - | sortCommand - | statsCommand - | whereCommand - | dropCommand - | renameCommand - | dissectCommand - | grokCommand - | enrichCommand - | mvExpandCommand - ; - -whereCommand - : WHERE booleanExpression - ; - -booleanExpression - : NOT booleanExpression #logicalNot - | valueExpression #booleanDefault - | regexBooleanExpression #regexExpression - | left=booleanExpression operator=AND right=booleanExpression #logicalBinary - | left=booleanExpression operator=OR right=booleanExpression #logicalBinary - | valueExpression (NOT)? IN LP valueExpression (COMMA valueExpression)* RP #logicalIn - | valueExpression IS NOT? NULL #isNull - ; - -regexBooleanExpression - : valueExpression (NOT)? kind=LIKE pattern=string - | valueExpression (NOT)? kind=RLIKE pattern=string - ; - -valueExpression - : operatorExpression #valueExpressionDefault - | left=operatorExpression comparisonOperator right=operatorExpression #comparison - ; - -operatorExpression - : primaryExpression #operatorExpressionDefault - | operator=(MINUS | PLUS) operatorExpression #arithmeticUnary - | left=operatorExpression operator=(ASTERISK | SLASH | PERCENT) right=operatorExpression #arithmeticBinary - | left=operatorExpression operator=(PLUS | MINUS) right=operatorExpression #arithmeticBinary - ; - -primaryExpression - : constant #constantDefault - | qualifiedName #dereference - | functionExpression #function - | LP booleanExpression RP #parenthesizedExpression - ; - -functionExpression - : identifier LP (ASTERISK | (booleanExpression (COMMA booleanExpression)*))? RP - ; - -rowCommand - : ROW fields - ; - -fields - : field (COMMA field)* - ; - -field - : booleanExpression - | qualifiedName ASSIGN booleanExpression - ; - -fromCommand - : FROM sourceIdentifier (COMMA sourceIdentifier)* metadata? - ; - -metadata - : OPENING_BRACKET METADATA sourceIdentifier (COMMA sourceIdentifier)* CLOSING_BRACKET - ; - - -evalCommand - : EVAL fields - ; - -statsCommand - : STATS fields? (BY grouping)? - ; - -inlinestatsCommand - : INLINESTATS fields (BY grouping)? - ; - -grouping - : qualifiedName (COMMA qualifiedName)* - ; - -sourceIdentifier - : SRC_UNQUOTED_IDENTIFIER - | SRC_QUOTED_IDENTIFIER - ; - -qualifiedName - : identifier (DOT identifier)* - ; - - -identifier - : UNQUOTED_IDENTIFIER - | QUOTED_IDENTIFIER - ; - -constant - : NULL #nullLiteral - | integerValue UNQUOTED_IDENTIFIER #qualifiedIntegerLiteral - | decimalValue #decimalLiteral - | integerValue #integerLiteral - | booleanValue #booleanLiteral - | PARAM #inputParam - | string #stringLiteral - | OPENING_BRACKET numericValue (COMMA numericValue)* CLOSING_BRACKET #numericArrayLiteral - | OPENING_BRACKET booleanValue (COMMA booleanValue)* CLOSING_BRACKET #booleanArrayLiteral - | OPENING_BRACKET string (COMMA string)* CLOSING_BRACKET #stringArrayLiteral - ; - -limitCommand - : LIMIT INTEGER_LITERAL - ; - -sortCommand - : SORT orderExpression (COMMA orderExpression)* - ; - -orderExpression - : booleanExpression ordering=(ASC | DESC)? (NULLS nullOrdering=(FIRST | LAST))? - ; - -keepCommand - : KEEP sourceIdentifier (COMMA sourceIdentifier)* - | PROJECT sourceIdentifier (COMMA sourceIdentifier)* - ; - -dropCommand - : DROP sourceIdentifier (COMMA sourceIdentifier)* - ; - -renameCommand - : RENAME renameClause (COMMA renameClause)* - ; - -renameClause: - oldName=sourceIdentifier AS newName=sourceIdentifier - ; - -dissectCommand - : DISSECT primaryExpression string commandOptions? - ; - -grokCommand - : GROK primaryExpression string - ; - -mvExpandCommand - : MV_EXPAND sourceIdentifier - ; - -commandOptions - : commandOption (COMMA commandOption)* - ; - -commandOption - : identifier ASSIGN constant - ; - -booleanValue - : TRUE | FALSE - ; - -numericValue - : decimalValue - | integerValue - ; - -decimalValue - : (PLUS | MINUS)? DECIMAL_LITERAL - ; - -integerValue - : (PLUS | MINUS)? INTEGER_LITERAL - ; - -string - : STRING - ; - -comparisonOperator - : EQ | NEQ | LT | LTE | GT | GTE - ; - -explainCommand - : EXPLAIN subqueryExpression - ; - -subqueryExpression - : OPENING_BRACKET query CLOSING_BRACKET - ; - -showCommand - : SHOW INFO #showInfo - | SHOW FUNCTIONS #showFunctions - ; - -enrichCommand - : ENRICH policyName=sourceIdentifier (ON matchField=sourceIdentifier)? (WITH enrichWithClause (COMMA enrichWithClause)*)? - ; - -enrichWithClause - : (newName=sourceIdentifier ASSIGN)? enrichField=sourceIdentifier - ; diff --git a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.tokens b/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.tokens deleted file mode 100644 index d8761f5eb0d73..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/language_definition/esql_base_parser.tokens +++ /dev/null @@ -1,137 +0,0 @@ -DISSECT=1 -DROP=2 -ENRICH=3 -EVAL=4 -EXPLAIN=5 -FROM=6 -GROK=7 -INLINESTATS=8 -KEEP=9 -LIMIT=10 -MV_EXPAND=11 -PROJECT=12 -RENAME=13 -ROW=14 -SHOW=15 -SORT=16 -STATS=17 -WHERE=18 -UNKNOWN_CMD=19 -LINE_COMMENT=20 -MULTILINE_COMMENT=21 -WS=22 -EXPLAIN_WS=23 -EXPLAIN_LINE_COMMENT=24 -EXPLAIN_MULTILINE_COMMENT=25 -PIPE=26 -STRING=27 -INTEGER_LITERAL=28 -DECIMAL_LITERAL=29 -BY=30 -AND=31 -ASC=32 -ASSIGN=33 -COMMA=34 -DESC=35 -DOT=36 -FALSE=37 -FIRST=38 -LAST=39 -LP=40 -IN=41 -IS=42 -LIKE=43 -NOT=44 -NULL=45 -NULLS=46 -OR=47 -PARAM=48 -RLIKE=49 -RP=50 -TRUE=51 -INFO=52 -FUNCTIONS=53 -EQ=54 -NEQ=55 -LT=56 -LTE=57 -GT=58 -GTE=59 -PLUS=60 -MINUS=61 -ASTERISK=62 -SLASH=63 -PERCENT=64 -OPENING_BRACKET=65 -CLOSING_BRACKET=66 -UNQUOTED_IDENTIFIER=67 -QUOTED_IDENTIFIER=68 -EXPR_LINE_COMMENT=69 -EXPR_MULTILINE_COMMENT=70 -EXPR_WS=71 -AS=72 -METADATA=73 -ON=74 -WITH=75 -SRC_UNQUOTED_IDENTIFIER=76 -SRC_QUOTED_IDENTIFIER=77 -SRC_LINE_COMMENT=78 -SRC_MULTILINE_COMMENT=79 -SRC_WS=80 -EXPLAIN_PIPE=81 -'dissect'=1 -'drop'=2 -'enrich'=3 -'eval'=4 -'explain'=5 -'from'=6 -'grok'=7 -'inlinestats'=8 -'keep'=9 -'limit'=10 -'mv_expand'=11 -'project'=12 -'rename'=13 -'row'=14 -'show'=15 -'sort'=16 -'stats'=17 -'where'=18 -'by'=30 -'and'=31 -'asc'=32 -'desc'=35 -'.'=36 -'false'=37 -'first'=38 -'last'=39 -'('=40 -'in'=41 -'is'=42 -'like'=43 -'not'=44 -'null'=45 -'nulls'=46 -'or'=47 -'?'=48 -'rlike'=49 -')'=50 -'true'=51 -'info'=52 -'functions'=53 -'=='=54 -'!='=55 -'<'=56 -'<='=57 -'>'=58 -'>='=59 -'+'=60 -'-'=61 -'*'=62 -'/'=63 -'%'=64 -']'=66 -'as'=72 -'metadata'=73 -'on'=74 -'with'=75 diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/add_required_kb_resource_metadata.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/add_required_kb_resource_metadata.test.ts index c66c18cd434ad..48aa99c2e09af 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/add_required_kb_resource_metadata.test.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/add_required_kb_resource_metadata.test.ts @@ -7,9 +7,10 @@ import { addRequiredKbResourceMetadata } from './add_required_kb_resource_metadata'; import { mockExampleQueryDocsFromDirectoryLoader } from '../../../__mocks__/docs_from_directory_loader'; +import { SECURITY_LABS_RESOURCE } from '../../../routes/knowledge_base/constants'; describe('addRequiredKbResourceMetadata', () => { - const kbResource = 'esql'; + const kbResource = SECURITY_LABS_RESOURCE; test('it includes the original metadata properties', () => { const EXPECTED_ADDITIONAL_KEYS_COUNT = 2; // two keys, `kbResource` and `required` diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.test.ts deleted file mode 100644 index 9c1c5976fd550..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.test.ts +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { Logger } from '@kbn/core/server'; - -import { addRequiredKbResourceMetadata } from './add_required_kb_resource_metadata'; -import { loadESQL } from './esql_loader'; -import { - mockEsqlDocsFromDirectoryLoader, - mockEsqlLanguageDocsFromDirectoryLoader, - mockExampleQueryDocsFromDirectoryLoader, -} from '../../../__mocks__/docs_from_directory_loader'; -import { ESQL_RESOURCE } from '../../../routes/knowledge_base/constants'; -import { AIAssistantKnowledgeBaseDataClient } from '../../../ai_assistant_data_clients/knowledge_base'; - -let mockLoad = jest.fn(); - -jest.mock('langchain/document_loaders/fs/directory', () => ({ - DirectoryLoader: jest.fn().mockImplementation(() => ({ - load: mockLoad, - })), -})); - -jest.mock('langchain/document_loaders/fs/text', () => ({ - TextLoader: jest.fn().mockImplementation(() => ({})), -})); - -const kbDataClient = { - addKnowledgeBaseDocuments: jest.fn().mockResolvedValue(['1', '2', '3', '4', '5']), -} as unknown as AIAssistantKnowledgeBaseDataClient; - -const logger = { - info: jest.fn(), - error: jest.fn(), -} as unknown as Logger; - -describe('loadESQL', () => { - beforeEach(() => { - jest.clearAllMocks(); - - mockLoad = jest - .fn() - .mockReturnValueOnce(mockEsqlDocsFromDirectoryLoader) - .mockReturnValueOnce(mockEsqlLanguageDocsFromDirectoryLoader) - .mockReturnValueOnce(mockExampleQueryDocsFromDirectoryLoader); - }); - - describe('loadESQL', () => { - beforeEach(async () => { - await loadESQL(kbDataClient, logger); - }); - - it('loads ES|QL docs, language files, and example queries into the Knowledge Base', async () => { - expect(kbDataClient.addKnowledgeBaseDocuments).toHaveBeenCalledWith({ - documents: [ - ...addRequiredKbResourceMetadata({ - docs: mockEsqlDocsFromDirectoryLoader, - kbResource: ESQL_RESOURCE, - required: false, - }), - ...addRequiredKbResourceMetadata({ - docs: mockEsqlLanguageDocsFromDirectoryLoader, - kbResource: ESQL_RESOURCE, - required: false, - }), - ...addRequiredKbResourceMetadata({ - docs: mockExampleQueryDocsFromDirectoryLoader, - kbResource: ESQL_RESOURCE, - required: true, - }), - ], - global: true, - }); - }); - - it('logs the expected (distinct) counts for each category of documents', async () => { - expect((logger.info as jest.Mock).mock.calls[0][0]).toEqual( - 'Loading 1 ES|QL docs, 2 language docs, and 3 example queries into the Knowledge Base' - ); - }); - - it('logs the expected total of all documents loaded', async () => { - expect((logger.info as jest.Mock).mock.calls[1][0]).toEqual( - 'Loaded 5 ES|QL docs, language docs, and example queries into the Knowledge Base' - ); - }); - - it('does NOT log an error in the happy path', async () => { - expect(logger.error).not.toHaveBeenCalled(); - }); - }); - - it('returns true if documents were loaded', async () => { - (kbDataClient.addKnowledgeBaseDocuments as jest.Mock).mockResolvedValueOnce([ - 'this is a response', - ]); - - const result = await loadESQL(kbDataClient, logger); - - expect(result).toBe(true); - }); - - it('returns false if documents were NOT loaded', async () => { - (kbDataClient.addKnowledgeBaseDocuments as jest.Mock).mockResolvedValueOnce([]); - - const result = await loadESQL(kbDataClient, logger); - - expect(result).toBe(false); - }); - - it('logs the expected error if loading fails', async () => { - const error = new Error('Failed to load documents'); - (kbDataClient.addKnowledgeBaseDocuments as jest.Mock).mockRejectedValueOnce(error); - - await loadESQL(kbDataClient, logger); - - expect(logger.error).toHaveBeenCalledWith( - 'Failed to load ES|QL docs, language docs, and example queries into the Knowledge Base\nError: Failed to load documents' - ); - }); -}); diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.ts deleted file mode 100644 index 4668671674bc3..0000000000000 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/content_loaders/esql_loader.ts +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { Logger } from '@kbn/core/server'; -import { DirectoryLoader } from 'langchain/document_loaders/fs/directory'; -import { TextLoader } from 'langchain/document_loaders/fs/text'; -import { resolve } from 'path'; -import { Document } from 'langchain/document'; - -import { Metadata } from '@kbn/elastic-assistant-common'; -import { addRequiredKbResourceMetadata } from './add_required_kb_resource_metadata'; -import { ESQL_RESOURCE } from '../../../routes/knowledge_base/constants'; -import { AIAssistantKnowledgeBaseDataClient } from '../../../ai_assistant_data_clients/knowledge_base'; - -/** - * Loads the ESQL docs and language files into the Knowledge Base. - */ -export const loadESQL = async ( - kbDataClient: AIAssistantKnowledgeBaseDataClient, - logger: Logger -): Promise => { - try { - const docsLoader = new DirectoryLoader( - resolve(__dirname, '../../../knowledge_base/esql/documentation'), - { - '.asciidoc': (path) => new TextLoader(path), - }, - true - ); - - const languageLoader = new DirectoryLoader( - resolve(__dirname, '../../../knowledge_base/esql/language_definition'), - { - '.g4': (path) => new TextLoader(path), - '.tokens': (path) => new TextLoader(path), - }, - true - ); - - const exampleQueriesLoader = new DirectoryLoader( - resolve(__dirname, '../../../knowledge_base/esql/example_queries'), - { - '.asciidoc': (path) => new TextLoader(path), - }, - true - ); - - const docs = (await docsLoader.load()) as Array>; - const languageDocs = (await languageLoader.load()) as Array>; - const rawExampleQueries = await exampleQueriesLoader.load(); - - // Add additional metadata to the example queries that indicates they are required KB documents: - const requiredExampleQueries = addRequiredKbResourceMetadata({ - docs: rawExampleQueries, - kbResource: ESQL_RESOURCE, - }) as Array>; - - // And make sure remaining docs have `kbResource:esql` - const docsWithMetadata = addRequiredKbResourceMetadata({ - docs, - kbResource: ESQL_RESOURCE, - required: false, - }) as Array>; - - const languageDocsWithMetadata = addRequiredKbResourceMetadata({ - docs: languageDocs, - kbResource: ESQL_RESOURCE, - required: false, - }) as Array>; - - logger.info( - `Loading ${docsWithMetadata.length} ES|QL docs, ${languageDocsWithMetadata.length} language docs, and ${requiredExampleQueries.length} example queries into the Knowledge Base` - ); - - const response = await kbDataClient.addKnowledgeBaseDocuments({ - documents: [...docsWithMetadata, ...languageDocsWithMetadata, ...requiredExampleQueries], - global: true, - }); - - logger.info( - `Loaded ${ - response?.length ?? 0 - } ES|QL docs, language docs, and example queries into the Knowledge Base` - ); - - return response.length > 0; - } catch (e) { - logger.error( - `Failed to load ES|QL docs, language docs, and example queries into the Knowledge Base\n${e}` - ); - return false; - } -}; diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts index e45ad55999af6..4d32d7bc02da9 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts @@ -308,18 +308,7 @@ describe('ElasticsearchStore', () => { { query: { bool: { - must_not: [ - { - term: { - 'metadata.kbResource': 'esql', - }, - }, - { - term: { - 'metadata.required': true, - }, - }, - ], + must_not: [{ term: { 'metadata.required': true } }], must: [ { text_expansion: { @@ -340,18 +329,7 @@ describe('ElasticsearchStore', () => { { query: { bool: { - must: [ - { - term: { - 'metadata.kbResource': 'esql', - }, - }, - { - term: { - 'metadata.required': true, - }, - }, - ], + must: [{ term: { 'metadata.required': true } }], }, }, size: TERMS_QUERY_SIZE, @@ -374,18 +352,7 @@ describe('ElasticsearchStore', () => { { query: { bool: { - must_not: [ - { - term: { - 'metadata.kbResource': 'esql', - }, - }, - { - term: { - 'metadata.required': true, - }, - }, - ], + must_not: [{ term: { 'metadata.required': true } }], must: [ { text_expansion: { @@ -406,18 +373,7 @@ describe('ElasticsearchStore', () => { { query: { bool: { - must: [ - { - term: { - 'metadata.kbResource': 'esql', - }, - }, - { - term: { - 'metadata.required': true, - }, - }, - ], + must: [{ term: { 'metadata.required': true } }], }, }, size: TERMS_QUERY_SIZE, @@ -433,7 +389,6 @@ describe('ElasticsearchStore', () => { expect(reportEvent).toHaveBeenCalledWith(KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT.eventType, { model: '.elser_model_2', - resourceAccessed: 'esql', responseTime: 142, resultCount: 2, }); @@ -446,7 +401,6 @@ describe('ElasticsearchStore', () => { expect(reportEvent).toHaveBeenCalledWith(KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT.eventType, { model: '.elser_model_2', - resourceAccessed: 'esql', errorMessage: 'Oh no!', }); }); diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts index 48ea50d9d4fe8..78c1b104685ad 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts @@ -26,7 +26,6 @@ import { getTermsSearchQuery } from './helpers/get_terms_search_query'; import { getVectorSearchQuery } from './helpers/get_vector_search_query'; import type { MsearchResponse } from './helpers/types'; import { - ESQL_RESOURCE, KNOWLEDGE_BASE_INDEX_PATTERN, KNOWLEDGE_BASE_INGEST_PIPELINE, } from '../../../routes/knowledge_base/constants'; @@ -72,7 +71,7 @@ export class ElasticsearchStore extends VectorStore { private readonly logger: Logger; private readonly telemetry: AnalyticsServiceSetup; private readonly model: string; - private kbResource: string; + private kbResource?: string; _vectorstoreType(): string { return 'elasticsearch'; @@ -93,7 +92,7 @@ export class ElasticsearchStore extends VectorStore { this.logger = logger; this.telemetry = telemetry; this.model = model ?? '.elser_model_2'; - this.kbResource = kbResource ?? ESQL_RESOURCE; + this.kbResource = kbResource; this.kbDataClient = kbDataClient; } @@ -269,7 +268,7 @@ export class ElasticsearchStore extends VectorStore { this.telemetry.reportEvent(KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT.eventType, { model: this.model, - resourceAccessed: this.kbResource, + ...(this.kbResource != null ? { resourceAccessed: this.kbResource } : {}), resultCount: results.length, responseTime: result.took ?? 0, }); @@ -288,7 +287,7 @@ export class ElasticsearchStore extends VectorStore { const error = transformError(e); this.telemetry.reportEvent(KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT.eventType, { model: this.model, - resourceAccessed: this.kbResource, + ...(this.kbResource != null ? { resourceAccessed: this.kbResource } : {}), errorMessage: error.message, }); this.logger.error(e); diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts index ba5af8c3bfef7..df3e8f42ad63b 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts @@ -20,13 +20,17 @@ import type { Field, FieldValue, QueryDslTermQuery } from '@elastic/elasticsearc * @returns An array of `term`s that may be used in a `bool` Elasticsearch DSL query to filter in/out required KB documents */ export const getRequiredKbDocsTermsQueryDsl = ( - kbResource: string + kbResource?: string ): Array>> => [ - { - term: { - 'metadata.kbResource': kbResource, - }, - }, + ...(kbResource != null + ? [ + { + term: { + 'metadata.kbResource': kbResource, + }, + }, + ] + : []), { term: { 'metadata.required': true, diff --git a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts index 4ba95896d7058..5ff5ff894dffe 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts @@ -9,7 +9,7 @@ import type { EventTypeOpts } from '@kbn/core/server'; export const KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT: EventTypeOpts<{ model: string; - resourceAccessed: string; + resourceAccessed?: string; resultCount: number; responseTime: number; }> = { @@ -25,6 +25,7 @@ export const KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT: EventTypeOpts<{ type: 'keyword', _meta: { description: 'Which knowledge base resource was accessed', + optional: true, }, }, resultCount: { @@ -44,7 +45,7 @@ export const KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT: EventTypeOpts<{ export const KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT: EventTypeOpts<{ model: string; - resourceAccessed: string; + resourceAccessed?: string; errorMessage: string; }> = { eventType: 'knowledge_base_execution_error', @@ -59,6 +60,7 @@ export const KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT: EventTypeOpts<{ type: 'keyword', _meta: { description: 'Which knowledge base resource was accessed', + optional: true, }, }, errorMessage: { diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts index e50faf8a434e2..89970611df0e9 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts @@ -5,13 +5,10 @@ * 2.0. */ -export const MODEL_EVALUATION_RESULTS_INDEX_PATTERN = - '.kibana-elastic-ai-assistant-evaluation-results'; export const KNOWLEDGE_BASE_INDEX_PATTERN = '.kibana-elastic-ai-assistant-kb'; export const KNOWLEDGE_BASE_INGEST_PIPELINE = '.kibana-elastic-ai-assistant-kb-ingest-pipeline'; // Query for determining if ESQL docs have been loaded, searches for a specific doc. Intended for the ElasticsearchStore.similaritySearch() // Note: We may want to add a tag of the resource name to the document metadata, so we can CRUD by specific resource export const ESQL_DOCS_LOADED_QUERY = 'You can chain processing commands, separated by a pipe character: `|`.'; -export const ESQL_RESOURCE = 'esql'; export const SECURITY_LABS_RESOURCE = 'security_labs'; diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts index 7bafff17352dc..356d5d9150a67 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts @@ -26,7 +26,7 @@ import { performChecks } from '../../helpers'; import { transformESSearchToKnowledgeBaseEntry } from '../../../ai_assistant_data_clients/knowledge_base/transforms'; import { EsKnowledgeBaseEntrySchema } from '../../../ai_assistant_data_clients/knowledge_base/types'; import { getKBUserFilter } from './utils'; -import { ESQL_RESOURCE, SECURITY_LABS_RESOURCE } from '../constants'; +import { SECURITY_LABS_RESOURCE } from '../constants'; export const findKnowledgeBaseEntriesRoute = (router: ElasticAssistantPluginRouter) => { router.versioned @@ -108,12 +108,6 @@ export const findKnowledgeBaseEntriesRoute = (router: ElasticAssistantPluginRout }); const systemEntries = [ - { - bucketId: 'esqlDocsId', - kbResource: ESQL_RESOURCE, - name: 'ES|QL documents', - required: true, - }, { bucketId: 'securityLabsId', kbResource: SECURITY_LABS_RESOURCE, diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts index 7f1d1d0149f56..6244599a2af27 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts @@ -36,6 +36,8 @@ describe('Get Knowledge Base Status Route', () => { isModelInstalled: jest.fn().mockResolvedValue(true), isSetupAvailable: jest.fn().mockResolvedValue(true), isModelDeployed: jest.fn().mockResolvedValue(true), + isSetupInProgress: false, + isSecurityLabsDocsLoaded: jest.fn().mockResolvedValue(true), }); getKnowledgeBaseStatusRoute(server.router); @@ -44,10 +46,19 @@ describe('Get Knowledge Base Status Route', () => { describe('Status codes', () => { test('returns 200 if all statuses are false', async () => { const response = await server.inject( - getGetKnowledgeBaseStatusRequest('esql'), + getGetKnowledgeBaseStatusRequest(), requestContextMock.convertContext(context) ); + expect(response.status).toEqual(200); + expect(response.body).toEqual({ + elser_exists: true, + index_exists: true, + is_setup_in_progress: false, + is_setup_available: true, + pipeline_exists: true, + security_labs_exists: true, + }); }); }); }); diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts index 3e4fcbb7f404b..833e674b68ffd 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts @@ -15,10 +15,8 @@ import { } from '@kbn/elastic-assistant-common'; import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common'; import { KibanaRequest } from '@kbn/core/server'; -import { getKbResource } from './get_kb_resource'; import { buildResponse } from '../../lib/build_response'; import { ElasticAssistantPluginRouter } from '../../types'; -import { ESQL_RESOURCE } from './constants'; import { isV2KnowledgeBaseEnabled } from '../helpers'; /** @@ -51,9 +49,6 @@ export const getKnowledgeBaseStatusRoute = (router: ElasticAssistantPluginRouter const logger = ctx.elasticAssistant.logger; try { - // Use asInternalUser - const kbResource = getKbResource(request); - // FF Check for V2 KB const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request }); @@ -78,13 +73,11 @@ export const getKnowledgeBaseStatusRoute = (router: ElasticAssistantPluginRouter pipeline_exists: pipelineExists, }; - if (indexExists && isModelDeployed && kbResource === ESQL_RESOURCE) { - const esqlExists = await kbDataClient.isESQLDocsLoaded(); + if (indexExists && isModelDeployed) { const securityLabsExists = await kbDataClient.isSecurityLabsDocsLoaded(); return response.ok({ body: { ...body, - esql_exists: esqlExists, security_labs_exists: v2KnowledgeBaseEnabled ? securityLabsExists : true, }, }); diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts index b5abf30b2bf07..e57018cac3706 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts @@ -17,7 +17,6 @@ import { IKibanaResponse } from '@kbn/core/server'; import { buildResponse } from '../../lib/build_response'; import { ElasticAssistantPluginRouter } from '../../types'; import { isV2KnowledgeBaseEnabled } from '../helpers'; -import { ESQL_RESOURCE } from './constants'; // Since we're awaiting on ELSER setup, this could take a bit (especially if ML needs to autoscale) // Consider just returning if attempt was successful, and switch to client polling @@ -55,7 +54,6 @@ export const postKnowledgeBaseRoute = (router: ElasticAssistantPluginRouter) => const assistantContext = ctx.elasticAssistant; const core = ctx.core; const soClient = core.savedObjects.getClient(); - const kbResource = request.params.resource; // FF Check for V2 KB const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request }); @@ -73,10 +71,8 @@ export const postKnowledgeBaseRoute = (router: ElasticAssistantPluginRouter) => return response.custom({ body: { success: false }, statusCode: 500 }); } - const installEsqlDocs = kbResource === ESQL_RESOURCE; await knowledgeBaseDataClient.setupKnowledgeBase({ soClient, - installEsqlDocs, installSecurityLabsDocs: v2KnowledgeBaseEnabled, }); diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 9536e89f3cf21..1ae20af759611 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -118,11 +118,6 @@ export const allowedExperimentalValues = Object.freeze({ */ assistantKnowledgeBaseByDefault: false, - /** - * Enables the NaturalLanguageESQLTool and disables the ESQLKnowledgeBaseTool, introduced in `8.16.0`. - */ - assistantNaturalLanguageESQLTool: false, - /** * Enables the Managed User section inside the new user details flyout. */ diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/common.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql/common.ts similarity index 100% rename from x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/common.ts rename to x-pack/plugins/security_solution/server/assistant/tools/esql/common.ts diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql/nl_to_esql_tool.test.ts similarity index 100% rename from x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.test.ts rename to x-pack/plugins/security_solution/server/assistant/tools/esql/nl_to_esql_tool.test.ts diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql/nl_to_esql_tool.ts similarity index 100% rename from x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts rename to x-pack/plugins/security_solution/server/assistant/tools/esql/nl_to_esql_tool.ts diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.test.ts deleted file mode 100644 index 589c95e8483bf..0000000000000 --- a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.test.ts +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { DynamicTool } from '@langchain/core/tools'; -import { ESQL_KNOWLEDGE_BASE_TOOL } from './esql_language_knowledge_base_tool'; -import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; -import type { KibanaRequest } from '@kbn/core-http-server'; -import type { ExecuteConnectorRequestBody } from '@kbn/elastic-assistant-common/impl/schemas/actions_connector/post_actions_connector_execute_route.gen'; -import { loggerMock } from '@kbn/logging-mocks'; -import type { AIAssistantKnowledgeBaseDataClient } from '@kbn/elastic-assistant-plugin/server/ai_assistant_data_clients/knowledge_base'; -import { getPromptSuffixForOssModel } from './common'; - -describe('EsqlLanguageKnowledgeBaseTool', () => { - const kbDataClient = jest.fn() as unknown as AIAssistantKnowledgeBaseDataClient; - const esClient = { - search: jest.fn().mockResolvedValue({}), - } as unknown as ElasticsearchClient; - const request = { - body: { - isEnabledKnowledgeBase: false, - alertsIndexPattern: '.alerts-security.alerts-default', - allow: ['@timestamp', 'cloud.availability_zone', 'user.name'], - allowReplacement: ['user.name'], - replacements: { key: 'value' }, - size: 20, - }, - } as unknown as KibanaRequest; - const logger = loggerMock.create(); - const rest = { - kbDataClient, - esClient, - logger, - request, - }; - - describe('isSupported', () => { - it('returns false if isEnabledKnowledgeBase is false', () => { - const params = { - isEnabledKnowledgeBase: false, - modelExists: true, - ...rest, - }; - - expect(ESQL_KNOWLEDGE_BASE_TOOL.isSupported(params)).toBe(false); - }); - - it('returns false if modelExists is false (the ELSER model is not installed)', () => { - const params = { - isEnabledKnowledgeBase: true, - modelExists: false, // <-- ELSER model is not installed - ...rest, - }; - - expect(ESQL_KNOWLEDGE_BASE_TOOL.isSupported(params)).toBe(false); - }); - - it('returns true if isEnabledKnowledgeBase and modelExists are true', () => { - const params = { - isEnabledKnowledgeBase: true, - modelExists: true, - ...rest, - }; - - expect(ESQL_KNOWLEDGE_BASE_TOOL.isSupported(params)).toBe(true); - }); - }); - - describe('getTool', () => { - it('returns null if isEnabledKnowledgeBase is false', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: false, - modelExists: true, - ...rest, - }); - - expect(tool).toBeNull(); - }); - - it('returns null if modelExists is false (the ELSER model is not installed)', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: true, - modelExists: false, // <-- ELSER model is not installed - ...rest, - }); - - expect(tool).toBeNull(); - }); - - it('should return a Tool instance if isEnabledKnowledgeBase and modelExists are true', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: true, - modelExists: true, - ...rest, - }); - - expect(tool?.name).toEqual('ESQLKnowledgeBaseTool'); - }); - - it('should return a tool with the expected tags', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: true, - modelExists: true, - ...rest, - }) as DynamicTool; - - expect(tool.tags).toEqual(['esql', 'query-generation', 'knowledge-base']); - }); - - it('should return tool with the expected description for OSS model', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: true, - modelExists: true, - isOssModel: true, - ...rest, - }) as DynamicTool; - - expect(tool.description).toContain(getPromptSuffixForOssModel('ESQLKnowledgeBaseTool')); - }); - - it('should return tool with the expected description for non-OSS model', () => { - const tool = ESQL_KNOWLEDGE_BASE_TOOL.getTool({ - isEnabledKnowledgeBase: true, - modelExists: true, - isOssModel: false, - ...rest, - }) as DynamicTool; - - expect(tool.description).not.toContain(getPromptSuffixForOssModel('ESQLKnowledgeBaseTool')); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts deleted file mode 100644 index 37e037898cd20..0000000000000 --- a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { DynamicStructuredTool } from '@langchain/core/tools'; -import { DirectoryLoader } from 'langchain/document_loaders/fs/directory'; -import { TextLoader } from 'langchain/document_loaders/fs/text'; -import type { Document } from 'langchain/document'; -import { resolve } from 'path'; -import { z } from '@kbn/zod'; -import type { AssistantTool, AssistantToolParams } from '@kbn/elastic-assistant-plugin/server'; -import { ESQL_RESOURCE } from '@kbn/elastic-assistant-plugin/server/routes/knowledge_base/constants'; -import { APP_UI_ID } from '../../../../common'; -import { getPromptSuffixForOssModel } from './common'; - -const TOOL_NAME = 'ESQLKnowledgeBaseTool'; - -const toolDetails = { - id: 'esql-knowledge-base-tool', - name: TOOL_NAME, - description: - 'Call this for knowledge on how to build an ESQL query, or answer questions about the ES|QL query language. Input must always be the user query on a single line, with no other text. Your answer will be parsed as JSON, so never use quotes within the output and instead use backticks. Do not add any additional text to describe your output.', -}; -export const ESQL_KNOWLEDGE_BASE_TOOL: AssistantTool = { - ...toolDetails, - sourceRegister: APP_UI_ID, - isSupported: (params: AssistantToolParams): params is AssistantToolParams => { - const { kbDataClient, isEnabledKnowledgeBase, modelExists } = params; - return isEnabledKnowledgeBase && modelExists && kbDataClient != null; - }, - getTool(params: AssistantToolParams) { - if (!this.isSupported(params)) return null; - - const { kbDataClient, isOssModel } = params as AssistantToolParams; - if (kbDataClient == null) return null; - - return new DynamicStructuredTool({ - name: toolDetails.name, - description: - toolDetails.description + (isOssModel ? getPromptSuffixForOssModel(TOOL_NAME) : ''), - schema: z.object({ - question: z.string().describe(`The user's exact question about ESQL`), - }), - func: async (input) => { - const exampleQueriesLoader = new DirectoryLoader( - resolve( - __dirname, - '../../../../../elastic_assistant/server/knowledge_base/esql/example_queries' - ), - { - '.asciidoc': (path) => new TextLoader(path), - }, - true - ); - const rawExampleQueries = await exampleQueriesLoader.load(); - - const docs = await kbDataClient.getKnowledgeBaseDocumentEntries({ - kbResource: ESQL_RESOURCE, - query: input.question, - }); - - let legacyDocs: Document[] = []; - - if (!kbDataClient?.isV2KnowledgeBaseEnabled) { - legacyDocs = await kbDataClient.getKnowledgeBaseDocumentEntries({ - kbResource: 'unknown', - query: input.question, - }); - } - - return JSON.stringify([...rawExampleQueries, ...docs, ...legacyDocs]).substring(0, 50000); - }, - tags: ['esql', 'query-generation', 'knowledge-base'], - // TODO: Remove after ZodAny is fixed https://github.com/langchain-ai/langchainjs/blob/main/langchain-core/src/tools.ts - }) as unknown as DynamicStructuredTool; - }, -}; diff --git a/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts index 0d719adc80fe2..70d0daea037ed 100644 --- a/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts +++ b/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts @@ -13,7 +13,7 @@ describe('getAssistantTools', () => { }); it('should return an array of applicable tools', () => { - const tools = getAssistantTools({ naturalLanguageESQLToolEnabled: true }); + const tools = getAssistantTools({}); const minExpectedTools = 3; // 3 tools are currently implemented diff --git a/x-pack/plugins/security_solution/server/assistant/tools/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/index.ts index fa0098dce1eec..a704aaa44d0a1 100644 --- a/x-pack/plugins/security_solution/server/assistant/tools/index.ts +++ b/x-pack/plugins/security_solution/server/assistant/tools/index.ts @@ -7,8 +7,7 @@ import type { AssistantTool } from '@kbn/elastic-assistant-plugin/server'; -import { ESQL_KNOWLEDGE_BASE_TOOL } from './esql_language_knowledge_base/esql_language_knowledge_base_tool'; -import { NL_TO_ESQL_TOOL } from './esql_language_knowledge_base/nl_to_esql_tool'; +import { NL_TO_ESQL_TOOL } from './esql/nl_to_esql_tool'; import { ALERT_COUNTS_TOOL } from './alert_counts/alert_counts_tool'; import { OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL } from './open_and_acknowledged_alerts/open_and_acknowledged_alerts_tool'; import { ATTACK_DISCOVERY_TOOL } from './attack_discovery/attack_discovery_tool'; @@ -17,16 +16,14 @@ import { KNOWLEDGE_BASE_WRITE_TOOL } from './knowledge_base/knowledge_base_write import { SECURITY_LABS_KNOWLEDGE_BASE_TOOL } from './security_labs/security_labs_tool'; export const getAssistantTools = ({ - naturalLanguageESQLToolEnabled, assistantKnowledgeBaseByDefault, }: { - naturalLanguageESQLToolEnabled?: boolean; assistantKnowledgeBaseByDefault?: boolean; }): AssistantTool[] => { const tools = [ ALERT_COUNTS_TOOL, ATTACK_DISCOVERY_TOOL, - naturalLanguageESQLToolEnabled ? NL_TO_ESQL_TOOL : ESQL_KNOWLEDGE_BASE_TOOL, + NL_TO_ESQL_TOOL, KNOWLEDGE_BASE_RETRIEVAL_TOOL, KNOWLEDGE_BASE_WRITE_TOOL, OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL, diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 1becac2c75f71..1f144f8189ed7 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -536,8 +536,6 @@ export class Plugin implements ISecuritySolutionPlugin { plugins.elasticAssistant.registerTools( APP_UI_ID, getAssistantTools({ - naturalLanguageESQLToolEnabled: - config.experimentalFeatures.assistantNaturalLanguageESQLTool, assistantKnowledgeBaseByDefault: config.experimentalFeatures.assistantKnowledgeBaseByDefault, })