elasticsearch/docs/reference/query-languages/esql/_snippets/functions/examples/case.md

% This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.

**Examples**

Determine whether employees are monolingual, bilingual, or polyglot:

```esql
FROM employees
| EVAL type = CASE(
    languages <= 1, "monolingual",
    languages <= 2, "bilingual",
     "polyglot")
| KEEP emp_no, languages, type
```

| emp_no:integer | languages:integer | type:keyword |
| --- | --- | --- |
| 10001 | 2 | bilingual |
| 10002 | 5 | polyglot |
| 10003 | 4 | polyglot |
| 10004 | 5 | polyglot |
| 10005 | 1 | monolingual |

Calculate the total connection success rate based on log messages:

```esql
FROM sample_data
| EVAL successful = CASE(
    STARTS_WITH(message, "Connected to"), 1,
    message == "Connection error", 0
  )
| STATS success_rate = AVG(successful)
```

| success_rate:double |
| --- |
| 0.5 |

Calculate an hourly error rate as a percentage of the total number of log messages:

```esql
FROM sample_data
| EVAL error = CASE(message LIKE "*error*", 1, 0)
| EVAL hour = DATE_TRUNC(1 hour, @timestamp)
| STATS error_rate = AVG(error) by hour
| SORT hour
```

| error_rate:double | hour:date |
| --- | --- |
| 0.0 | 2023-10-23T12:00:00.000Z |
| 0.6 | 2023-10-23T13:00:00.000Z |
ESQL: Fix misspelling in generated docs (#129789) Pulled from #128576 so it's easier to review. 2025-06-21 03:42:37 +08:00			`% This is generated by ESQL's AbstractFunctionTestCase. Do not edit it. See ../README.md for how to regenerate it.`
Split ESQL functions/operators docs files (#123904) * Port from asciidocalypse * Fix links for operator lists * Remove unused image files after moving/editing them * Fix lists links * Fix like/rlike links * Fix remaining bad references to /elasticsearch/docs * Fix logstash and beats references * Fix logstash and beats references * Fix image links 2025-03-04 21:59:31 +08:00
			`Examples`

			`Determine whether employees are monolingual, bilingual, or polyglot:`

			```esql
			`FROM employees`
			`\| EVAL type = CASE(`
			`languages <= 1, "monolingual",`
			`languages <= 2, "bilingual",`
			`"polyglot")`
			`\| KEEP emp_no, languages, type`
			```

			`\| emp_no:integer \| languages:integer \| type:keyword \|`
			`\| --- \| --- \| --- \|`
			`\| 10001 \| 2 \| bilingual \|`
			`\| 10002 \| 5 \| polyglot \|`
			`\| 10003 \| 4 \| polyglot \|`
			`\| 10004 \| 5 \| polyglot \|`
			`\| 10005 \| 1 \| monolingual \|`

			`Calculate the total connection success rate based on log messages:`

			```esql
			`FROM sample_data`
			`\| EVAL successful = CASE(`
			`STARTS_WITH(message, "Connected to"), 1,`
			`message == "Connection error", 0`
			`)`
			`\| STATS success_rate = AVG(successful)`
			```

			`\| success_rate:double \|`
			`\| --- \|`
			`\| 0.5 \|`

			`Calculate an hourly error rate as a percentage of the total number of log messages:`

			```esql
			`FROM sample_data`
			`\| EVAL error = CASE(message LIKE "error", 1, 0)`
			`\| EVAL hour = DATE_TRUNC(1 hour, @timestamp)`
			`\| STATS error_rate = AVG(error) by hour`
			`\| SORT hour`
			```

			`\| error_rate:double \| hour:date \|`
			`\| --- \| --- \|`
			`\| 0.0 \| 2023-10-23T12:00:00.000Z \|`
			`\| 0.6 \| 2023-10-23T13:00:00.000Z \|`