elasticsearch/docs/reference/query-languages/esql/_snippets/functions/categorize.md

## `CATEGORIZE` [esql-categorize]

::::{warning}
Do not use on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
::::


**Syntax**

:::{image} ../../../../../images/categorize.svg
:alt: Embedded
:class: text-center
:::

**Parameters**

`field`
:   Expression to categorize

**Description**

Groups text messages into categories of similarly formatted text values.

`CATEGORIZE` has the following limitations:

* can’t be used within other expressions
* can’t be used with multiple groupings
* can’t be used or referenced within aggregate functions

**Supported types**

| field | result |
| --- | --- |
| keyword | keyword |
| text | keyword |

**Example**

This example categorizes server logs messages into categories and aggregates their counts.

```esql
FROM sample_data
| STATS count=COUNT() BY category=CATEGORIZE(message)
```

| count:long | category:keyword |
| --- | --- |
| 3 | .**?Connected.+?to.**? |
| 3 | .**?Connection.+?error.**? |
| 1 | .**?Disconnected.**? |
-												[9.0] [docs] Migrate docs from AsciiDoc to Markdown (#123507) (#124124)

* [docs] Migrate docs from AsciiDoc to Markdown (#123507)

* delete asciidoc files

* add migrated files

* fix errors

* Disable docs tests

* Clarify release notes page titles

* Revert "Clarify release notes page titles"

This reverts commit 8be688648dcc9249943fbaabe37b0d58f87c09e8.

* Comment out edternal URI images

* Clean up query languages landing pages, link to conceptual docs

* Add .md to url

* Fixes inference processor nesting.

---------

Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
Co-authored-by: Liam Thompson <leemthompo@gmail.com>
Co-authored-by: Martijn Laarman <Mpdreamz@gmail.com>
Co-authored-by: István Zoltán Szabó <szabosteve@gmail.com>
(cherry picked from commit b7e3a1e14ba8c1dec606507628fc4344c41708a2)

# Conflicts:
#	docs/build.gradle
#	docs/reference/migration/index.asciidoc
#	docs/reference/migration/migrate_9_0.asciidoc
#	docs/reference/release-notes.asciidoc
#	docs/reference/release-notes/9.0.0.asciidoc
#	docs/reference/release-notes/highlights.asciidoc

* Fix build file

* Really fix build file

---------

Co-authored-by: Colleen McGinnis <colleen.j.mcginnis@gmail.com>
											
										
										
											2025-03-06 14:53:46 +08:00
+								## `CATEGORIZE` [esql-categorize]
 								::::{warning}
 								Do not use on production environments. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
 								::::
 								**Syntax**
 								:::{image} ../../../../../images/categorize.svg
 								:alt: Embedded
 								:class: text-center
 								:::
 								**Parameters**
 								`field`
 								:   Expression to categorize
 								**Description**
 								Groups text messages into categories of similarly formatted text values.
 								`CATEGORIZE` has the following limitations:
 								* can’t be used within other expressions
 								* can’t be used with multiple groupings
 								* can’t be used or referenced within aggregate functions
 								**Supported types**
 								| field | result |
 								| --- | --- |
 								| keyword | keyword |
 								| text | keyword |
 								**Example**
 								This example categorizes server logs messages into categories and aggregates their counts.
 								```esql
 								FROM sample_data
 								| STATS count=COUNT() BY category=CATEGORIZE(message)
 								```
 								| count:long | category:keyword |
 								| --- | --- |
 								| 3 | .**?Connected.+?to.**? |
 								| 3 | .**?Connection.+?error.**? |
 								| 1 | .**?Disconnected.**? |