ES|QL grouping functions

The STATS command supports these grouping functions:

• BUCKET

  Creates groups of values (buckets) from a datetime or numeric input.

• CATEGORIZE

  Groups text messages into categories of similarly formatted text values.

• TBUCKET

  Creates timestamp-based buckets aligned to calendar boundaries.

• WITHOUT

The INLINE STATS command supports these grouping functions:

• BUCKET
• TBUCKET