ES|QL FORK command
The FORK processing command creates multiple execution branches to operate
on the same input data and combines the results in a single output table.
FORK ( <processing_commands> ) ( <processing_commands> ) ... ( <processing_commands> )
The FORK processing command creates multiple execution branches to operate
on the same input data and combines the results in a single output table. A discriminator column (_fork) is added to identify which branch each row came from.
Together with the FUSE command, FORK enables hybrid search to combine and score results from multiple queries. To learn more about using ES|QL for search, refer to ES|QL for search.
FORK branches default to LIMIT 1000 if no LIMIT is provided.
FORK merges its branch outputs into a single table, adding a _fork discriminator
column to each row to indicate which branch it came from.
The _fork column takes values like fork1, fork2, fork3, corresponding to the
order branches are defined.
Branches can output different columns. Columns with the same name must have the same
data type across all branches; missing columns are filled with null values.
Row order is preserved within each branch, but rows from different branches may be
interleaved. Use SORT _fork to group results by branch.
FORKsupports at most 8 execution branches.- In versions older than 9.3.0 using remote cluster references and
FORKis not supported. - Using more than one
FORKcommand in a query is not supported.
The following examples show how to run parallel branches and combine their results.
Each FORK branch returns one row. FORK adds a _fork column that indicates
which branch each row came from:
FROM employees
| FORK ( WHERE emp_no == 10001 )
( WHERE emp_no == 10002 )
| KEEP emp_no, _fork
| SORT emp_no
| emp_no:integer | _fork:keyword |
|---|---|
| 10001 | fork1 |
| 10002 | fork2 |
Returns the total number of rows that match the query along with the top five rows sorted by score:
FROM books METADATA _score
| WHERE author:"Faulkner"
| EVAL score = round(_score, 2)
| FORK (SORT score DESC, author | LIMIT 5 | KEEP author, score)
(STATS total = COUNT(*))
| SORT _fork, score DESC, author
| author:text | score:double | _fork:keyword | total:long |
|---|---|---|---|
| Colleen Faulkner | 2.18 | fork1 | null |
| William Faulkner | 2.18 | fork1 | null |
| Danny Faulkner | 2.02 | fork1 | null |
| Paul Faulkner | 2.02 | fork1 | null |
| William Faulkner | 2.02 | fork1 | null |
| null | null | fork2 | 18 |