OpenSearch/docs/reference/ml/anomaly-detection/apis/put-job.asciidoc

339 lines
8.7 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[testenv="platinum"]
[[ml-put-job]]
=== Create {anomaly-jobs} API
++++
<titleabbrev>Create jobs</titleabbrev>
++++
Instantiates an {anomaly-job}.
[[ml-put-job-request]]
==== {api-request-title}
`PUT _ml/anomaly_detectors/<job_id>`
[[ml-put-job-prereqs]]
==== {api-prereq-title}
* If the {es} {security-features} are enabled, you must have `manage_ml` or
`manage` cluster privileges to use this API. See
<<security-privileges>>.
[[ml-put-job-desc]]
==== {api-description-title}
IMPORTANT: You must use {kib} or this API to create an {anomaly-job}. Do not put
a job directly to the `.ml-config` index using the {es} index API. If {es}
{security-features} are enabled, do not give users `write` privileges on the
`.ml-config` index.
[[ml-put-job-path-parms]]
==== {api-path-parms-title}
`<job_id>`::
(Required, string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection-define]
[role="child_attributes"]
[[ml-put-job-request-body]]
==== {api-request-body-title}
`allow_lazy_open`::
(Optional, boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=allow-lazy-open]
//Begin analysis_config
[[put-analysisconfig]]`analysis_config`::
(Required, object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=analysis-config]
+
.Properties of `analysis_config`
[%collapsible%open]
====
`bucket_span`:::
(<<time-units,time units>>)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-span]
`categorization_analyzer`:::
(object or string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorization-analyzer]
`categorization_field_name`:::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorization-field-name]
`categorization_filters`:::
(array of strings)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorization-filters]
//Begin analysis_config.detectors
`detectors`:::
(array) An array of detector configuration objects. Detector configuration
objects specify which data fields a job analyzes. They also specify which
analytical functions are used. You can specify multiple detectors for a job.
+
NOTE: If the `detectors` array does not contain at least one detector,
no analysis can occur and an error is returned.
+
.Properties of `detectors`
[%collapsible%open]
=====
`by_field_name`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=by-field-name]
//Begin analysis_config.detectors.custom_rules
[[put-customrules]]`custom_rules`::::
(array)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules]
+
.Properties of `custom_rules`
[%collapsible%open]
======
`actions`:::
(array)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-actions]
//Begin analysis_config.detectors.custom_rules.conditions
`conditions`:::
(array)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions]
+
.Properties of `conditions`
[%collapsible%open]
=======
`applies_to`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-applies-to]
`operator`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-operator]
`value`::::
(double)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-value]
=======
//End analysis_config.detectors.custom_rules.conditions
//Begin analysis_config.detectors.custom_rules.scope
`scope`:::
(object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-scope]
+
.Properties of `scope`
[%collapsible%open]
=======
`filter_id`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-scope-filter-id]
`filter_type`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-rules-scope-filter-type]
=======
//End analysis_config.detectors.custom_rules.scope
======
//End analysis_config.detectors.custom_rules
`detector_description`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=detector-description]
`detector_index`::::
(integer)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=detector-index]
+
If you specify a value for this property, it is ignored.
`exclude_frequent`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=exclude-frequent]
`field_name`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=detector-field-name]
`function`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=function]
`over_field_name`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=over-field-name]
`partition_field_name`::::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=partition-field-name]
`use_null`::::
(boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=use-null]
=====
//End analysis_config.detectors
`influencers`:::
(array of strings)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=influencers]
`latency`:::
(<<time-units,time units>>)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=latency]
`multivariate_by_fields`:::
(boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=multivariate-by-fields]
`summary_count_field_name`:::
(string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=summary-count-field-name]
====
//End analysis_config
//Begin analysis_limits
[[put-analysislimits]]`analysis_limits`::
(Optional, object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=analysis-limits]
+
.Properties of `analysis_limits`
[%collapsible%open]
====
`categorization_examples_limit`:::
(long)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorization-examples-limit]
`model_memory_limit`:::
(long or string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-memory-limit]
====
//End analysis_limits
`background_persist_interval`::
(Optional, <<time-units, time units>>)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=background-persist-interval]
[[put-customsettings]]`custom_settings`::
(Optional, object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=custom-settings]
//Begin data_description
[[put-datadescription]]`data_description`::
(Required, object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=data-description]
//End data_description
`daily_model_snapshot_retention_after_days`::
(Optional, long)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=daily-model-snapshot-retention-after-days]
`description`::
(Optional, string) A description of the job.
`groups`::
(Optional, array of strings)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=groups]
//Begin model_plot_config
`model_plot_config`::
(Optional, object)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-plot-config]
+
.Properties of `model_plot_config`
[%collapsible%open]
====
`annotations_enabled`:::
(boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-plot-config-annotations-enabled]
`enabled`:::
(boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-plot-config-enabled]
`terms`:::
experimental[] (string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-plot-config-terms]
====
//End model_plot_config
`model_snapshot_retention_days`::
(Optional, long)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-snapshot-retention-days]
`renormalization_window_days`::
(Optional, long)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=renormalization-window-days]
`results_index_name`::
(Optional, string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=results-index-name]
`results_retention_days`::
(Optional, long)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=results-retention-days]
[[ml-put-job-example]]
==== {api-examples-title}
[source,console]
--------------------------------------------------
PUT _ml/anomaly_detectors/total-requests
{
"description" : "Total sum of requests",
"analysis_config" : {
"bucket_span":"10m",
"detectors": [
{
"detector_description": "Sum of total",
"function": "sum",
"field_name": "total"
}
]
},
"data_description" : {
"time_field":"timestamp",
"time_format": "epoch_ms"
}
}
--------------------------------------------------
When the job is created, you receive the following results:
[source,console-result]
----
{
"job_id" : "total-requests",
"job_type" : "anomaly_detector",
"job_version" : "7.5.0",
"description" : "Total sum of requests",
"create_time" : 1562352500629,
"analysis_config" : {
"bucket_span" : "10m",
"detectors" : [
{
"detector_description" : "Sum of total",
"function" : "sum",
"field_name" : "total",
"detector_index" : 0
}
],
"influencers" : [ ]
},
"analysis_limits" : {
"model_memory_limit" : "1024mb",
"categorization_examples_limit" : 4
},
"data_description" : {
"time_field" : "timestamp",
"time_format" : "epoch_ms"
},
"model_snapshot_retention_days" : 10,
"daily_model_snapshot_retention_after_days" : 1,
"results_index_name" : "shared",
"allow_lazy_open" : false
}
----
// TESTRESPONSE[s/"job_version" : "7.5.0"/"job_version" : $body.job_version/]
// TESTRESPONSE[s/1562352500629/$body.$_path/]