2017-05-05 13:40:17 -04:00
|
|
|
|
[[ml-geo-functions]]
|
|
|
|
|
=== Geographic Functions
|
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
The geographic functions detect anomalies in the geographic location of the
|
|
|
|
|
input data.
|
2017-05-05 13:40:17 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
The {xpackml} features include the following geographic function: `lat_long`.
|
2017-05-05 13:40:17 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
[float]
|
|
|
|
|
[[ml-lat-long]]
|
|
|
|
|
==== Lat_long
|
|
|
|
|
|
|
|
|
|
The `lat_long` function detects anomalies in the geographic location of the
|
2017-05-05 13:40:17 -04:00
|
|
|
|
input data.
|
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
This function supports the following properties:
|
|
|
|
|
|
|
|
|
|
* `field_name` (required)
|
|
|
|
|
* `by_field_name` (optional)
|
|
|
|
|
* `over_field_name` (optional)
|
|
|
|
|
* `partition_field_name` (optional)
|
|
|
|
|
|
|
|
|
|
For more information about those properties,
|
|
|
|
|
see <<ml-detectorconfig,Detector Configuration Objects>>.
|
|
|
|
|
|
|
|
|
|
.Example 1: Analyzing transactions with the lat_long function
|
|
|
|
|
[source,js]
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
{
|
|
|
|
|
"function" : "lat_long",
|
|
|
|
|
"field_name" : "transactionCoordinates",
|
|
|
|
|
"by_field_name" : "creditCardNumber"
|
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
|
|
If you use this `lat_long` function in a detector in your job, it
|
|
|
|
|
detects anomalies where the geographic location of a credit card transaction is
|
|
|
|
|
unusual for a particular customer’s credit card. An anomaly might indicate fraud.
|
|
|
|
|
|
|
|
|
|
IMPORTANT: The `field_name` that you supply must be a single string that contains
|
|
|
|
|
two comma-separated numbers of the form `latitude,longitude`. The `latitude` and
|
|
|
|
|
`longitude` must be in the range -180 to 180 and represent a point on the
|
|
|
|
|
surface of the Earth.
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
For example, JSON data might contain the following transaction coordinates:
|
|
|
|
|
|
|
|
|
|
[source,js]
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
{
|
|
|
|
|
"time": 1460464275,
|
|
|
|
|
"transactionCoordinates": "40.7,-74.0",
|
|
|
|
|
"creditCardNumber": "1234123412341234"
|
|
|
|
|
}
|
|
|
|
|
--------------------------------------------------
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
In {es}, location data is likely to be stored in `geo_point` fields. For more
|
|
|
|
|
information, see {ref}/geo-point.html[Geo-point datatype]. This data type is not
|
|
|
|
|
supported natively in {xpackml} features. You can, however, use Painless scripts
|
|
|
|
|
in `script_fields` in your {dfeed} to transform the data into an appropriate
|
|
|
|
|
format. For example, the following Painless script transforms
|
|
|
|
|
`"coords": {"lat" : 41.44, "lon":90.5}` into `"lat-lon": "41.44,90.5"`:
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
|
|
|
|
[source,js]
|
|
|
|
|
--------------------------------------------------
|
2017-05-19 14:09:39 -04:00
|
|
|
|
{
|
|
|
|
|
"script_fields": {
|
|
|
|
|
"lat-lon": {
|
|
|
|
|
"script": {
|
|
|
|
|
"inline": "doc['coords'].lat + ',' + doc['coords'].lon",
|
|
|
|
|
"lang": "painless"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-05-05 14:57:20 -04:00
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
For more information about `script_fields`, see <<ml-datafeed-resource>>.
|