ES|QL aggregation functions

The STATS and INLINE STATS commands support these aggregate functions:

• ABSENT

  Returns true if the input expression yields no non-null values.

• AVG

  Returns the average of a numeric field.

• COUNT

  Returns the total number of input values.

• COUNT_DISTINCT

  Returns the approximate number of distinct values.

• EARLIEST

  Returns the earliest value of a field sorted by timestamp.

• FIRST

  Returns the earliest occurrence of a field based on a sort field.

• LAST

  Returns the latest occurrence of a field based on a sort field.

• LATEST

  Returns the latest value of a field sorted by timestamp.

• MAX

  Returns the maximum value of a field.

• MEDIAN

  Returns the median value of a numeric field.

• MEDIAN_ABSOLUTE_DEVIATION

  Returns the median absolute deviation, a robust measure of variability.

• MIN

  Returns the minimum value of a field.

• PERCENTILE

  Returns the value at which a certain percentage of observed values occur.

• PRESENT

  Returns true if the input expression yields any non-null values.

• SAMPLE

  Collects sample values for a field.

• SPARKLINE

  Computes y-axis values of a sparkline graph for an aggregation over time.

• ST_CENTROID_AGG

  Calculates the spatial centroid over a field with geometry type.

• ST_EXTENT_AGG

  Calculates the spatial extent bounding box over a field with geometry type.

• STD_DEV

  Returns the population standard deviation of a numeric field.

• SUM

  Returns the sum of a numeric expression.

• TOP

  Collects the top values for a field, including repeated values.

• VALUES

  Returns unique deduplicated values as a multivalued field.

• VARIANCE

  Returns the population variance of a numeric field.

• WEIGHTED_AVG

  Returns the weighted average of a numeric expression.