OpenSearch/docs/reference/ml/anomaly-detection/functions/ml-geo-functions.asciidoc

80 lines
2.6 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[[ml-geo-functions]]
= Geographic functions
The geographic functions detect anomalies in the geographic location of the
input data.
2019-01-07 17:32:36 -05:00
The {ml-features} include the following geographic function: `lat_long`.
NOTE: You cannot create forecasts for {anomaly-jobs} that contain geographic
functions. You also cannot add rules with conditions to detectors that use
geographic functions.
[discrete]
[[ml-lat-long]]
== Lat_long
The `lat_long` function detects anomalies in the geographic location of the
input data.
This function supports the following properties:
* `field_name` (required)
* `by_field_name` (optional)
* `over_field_name` (optional)
* `partition_field_name` (optional)
For more information about those properties, see the
{ref}/ml-put-job.html#ml-put-job-request-body[create {anomaly-jobs} API].
.Example 1: Analyzing transactions with the lat_long function
[source,console]
--------------------------------------------------
PUT _ml/anomaly_detectors/example1
{
"analysis_config": {
"detectors": [{
"function" : "lat_long",
"field_name" : "transactionCoordinates",
"by_field_name" : "creditCardNumber"
}]
},
"data_description": {
"time_field":"timestamp",
"time_format": "epoch_ms"
}
}
--------------------------------------------------
// TEST[skip:needs-licence]
If you use this `lat_long` function in a detector in your {anomaly-job}, it
detects anomalies where the geographic location of a credit card transaction is
unusual for a particular customers credit card. An anomaly might indicate fraud.
IMPORTANT: The `field_name` that you supply must be a single string that contains
two comma-separated numbers of the form `latitude,longitude`, a `geo_point` field,
a `geo_shape` field that contains point values, or a `geo_centroid` aggregation.
The `latitude` and `longitude` must be in the range -180 to 180 and represent a
point on the surface of the Earth.
For example, JSON data might contain the following transaction coordinates:
[source,js]
--------------------------------------------------
{
"time": 1460464275,
"transactionCoordinates": "40.7,-74.0",
"creditCardNumber": "1234123412341234"
}
--------------------------------------------------
// NOTCONSOLE
In {es}, location data is likely to be stored in `geo_point` fields. For more
information, see {ref}/geo-point.html[Geo-point data type]. This data type is
supported natively in {ml-features}. Specifically, {dfeed} when pulling data from
a `geo_point` field, will transform the data into the appropriate `lat,lon` string
format before sending to the {anomaly-job}.
For more information, see <<ml-configuring-transform>>.