ES|QL: Ability to use custom labels for FORK branches #144177

@ioanatia

Description

Let's define a better way to customize the labels that are assigned to _fork.
The syntax is TBD, but we could either do:

1. | FORK errors = (WHERE log.level == "error") warnings = (WHERE log.level == "warning")
2. | FORK (WHERE log.level == "error") AS errors (WHERE log.level == "warning") AS warning. (should we use a qualifier or a string 🤷‍♀️ ?)
3. Something else?

We could also not have any special syntax, and just document this:

FROM logs-*
| FORK (WHERE log.level == "error" | EVAL label = "error")
             (WHERE log.level == "warning" | EVAL label = "warning")

Or we could detect when _fork is explicitly assigned and not override it with the default label:

FROM logs-*
| FORK (WHERE log.level == "error" | EVAL _fork = "error")
             (WHERE log.level == "warning" | EVAL _fork = "warning")

Context

From @LucaWintergerst:

Right now the _fork discriminator uses positional names (fork1, fork2, ...), and if you want descriptive names you have to tack on an EVAL + CASE after the FORK to remap them:

FROM logs-*
| FORK (WHERE log.level == "error") (WHERE log.level == "warning")
| EVAL _fork = CASE(_fork == "fork1", "errors", _fork == "fork2", "warnings", _fork)

This works but it's too verbose.
For agentic flows, I'd like to assign clearer names to the forks.
Would it make sense to support something like named FORK branches in ES|QL? e.g.:

| FORK errors = (WHERE log.level == "error")  warnings = (WHERE log.level == "warning")

where _fork would contain "errors" / "warnings" instead of "fork1" / "fork2". The main benefit is readability, especially for multi-branch queries and how LLMs can interpret the results and write the queries efficiently.
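
The EVAL + CASE remap quoted above, generated for any number of branches. This is an added example, not code from the issue or from Elasticsearch; `build_fork_query` and its label allow-list are assumptions made here, and it treats the source pattern and branch bodies as trusted text while validating only the labels.

```python
import re

# Assumption for this example: labels must match a conservative identifier
# pattern, so a label supplied by a caller (for instance an agent) can be
# placed inside a double-quoted string literal without any escaping.
_LABEL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def build_fork_query(source, branches):
    """Return a FORK query followed by the CASE remap of fork1..forkN.

    branches is an ordered list of (label, branch_body) pairs. The source
    pattern and branch bodies are inserted unchanged and must be trusted.
    """
    if not branches:
        raise ValueError("at least one branch is required")
    labels = [label for label, _ in branches]
    for label in labels:
        if not _LABEL_RE.match(label):
            raise ValueError(f"unsupported label: {label!r}")
    if len(set(labels)) != len(labels):
        raise ValueError("labels must be unique")

    fork = " ".join(f"({body})" for _, body in branches)
    # Positional names start at fork1, as described in the issue.
    pairs = ", ".join(
        f'_fork == "fork{i}", "{label}"'
        for i, label in enumerate(labels, start=1)
    )
    # The trailing _fork keeps the original value if nothing matches.
    return (
        f"FROM {source}\n"
        f"| FORK {fork}\n"
        f"| EVAL _fork = CASE({pairs}, _fork)"
    )


# Constructed sample input mirroring the two branches in the issue.
SAMPLE_BRANCHES = [
    ("errors", 'WHERE log.level == "error"'),
    ("warnings", 'WHERE log.level == "warning"'),
]

if __name__ == "__main__":
    print(build_fork_query("logs-*", SAMPLE_BRANCHES))
```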
