2018-06-19 16:57:10 -04:00
|
|
|
|
[role="xpack"]
|
2017-05-05 13:40:17 -04:00
|
|
|
|
[[ml-geo-functions]]
|
2018-06-19 16:57:10 -04:00
|
|
|
|
=== Geographic functions
|
2017-05-05 13:40:17 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
The geographic functions detect anomalies in the geographic location of the
|
|
|
|
|
|
input data.
|
2017-05-05 13:40:17 -04:00
|
|
|
|
|
2019-01-07 17:32:36 -05:00
|
|
|
|
The {ml-features} include the following geographic function: `lat_long`.
|
2017-05-05 13:40:17 -04:00
|
|
|
|
|
2019-07-26 14:07:01 -04:00
|
|
|
|
NOTE: You cannot create forecasts for {anomaly-jobs} that contain geographic
|
|
|
|
|
|
functions. You also cannot add rules with conditions to detectors that use
|
|
|
|
|
|
geographic functions.
|
2017-12-21 11:14:52 -05:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
[float]
|
|
|
|
|
|
[[ml-lat-long]]
|
|
|
|
|
|
==== Lat_long
|
|
|
|
|
|
|
|
|
|
|
|
The `lat_long` function detects anomalies in the geographic location of the
|
2017-05-05 13:40:17 -04:00
|
|
|
|
input data.
|
|
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
This function supports the following properties:
|
|
|
|
|
|
|
|
|
|
|
|
* `field_name` (required)
|
|
|
|
|
|
* `by_field_name` (optional)
|
|
|
|
|
|
* `over_field_name` (optional)
|
|
|
|
|
|
* `partition_field_name` (optional)
|
|
|
|
|
|
|
2019-12-27 16:30:26 -05:00
|
|
|
|
For more information about those properties, see the
|
|
|
|
|
|
{ref}/ml-put-job.html#ml-put-job-request-body[create {anomaly-jobs} API].
|
2017-05-19 14:09:39 -04:00
|
|
|
|
|
|
|
|
|
|
.Example 1: Analyzing transactions with the lat_long function
|
2019-09-09 12:35:50 -04:00
|
|
|
|
[source,console]
|
2017-05-19 14:09:39 -04:00
|
|
|
|
--------------------------------------------------
|
2018-12-07 15:34:11 -05:00
|
|
|
|
PUT _ml/anomaly_detectors/example1
|
2017-05-19 14:09:39 -04:00
|
|
|
|
{
|
2018-06-19 16:57:10 -04:00
|
|
|
|
"analysis_config": {
|
|
|
|
|
|
"detectors": [{
|
|
|
|
|
|
"function" : "lat_long",
|
|
|
|
|
|
"field_name" : "transactionCoordinates",
|
|
|
|
|
|
"by_field_name" : "creditCardNumber"
|
|
|
|
|
|
}]
|
|
|
|
|
|
},
|
|
|
|
|
|
"data_description": {
|
|
|
|
|
|
"time_field":"timestamp",
|
|
|
|
|
|
"time_format": "epoch_ms"
|
|
|
|
|
|
}
|
2017-05-19 14:09:39 -04:00
|
|
|
|
}
|
|
|
|
|
|
--------------------------------------------------
|
2018-08-31 14:56:26 -04:00
|
|
|
|
// TEST[skip:needs-licence]
|
2017-05-19 14:09:39 -04:00
|
|
|
|
|
2019-07-26 14:07:01 -04:00
|
|
|
|
If you use this `lat_long` function in a detector in your {anomaly-job}, it
|
2017-05-19 14:09:39 -04:00
|
|
|
|
detects anomalies where the geographic location of a credit card transaction is
|
|
|
|
|
|
unusual for a particular customer’s credit card. An anomaly might indicate fraud.
|
|
|
|
|
|
|
|
|
|
|
|
IMPORTANT: The `field_name` that you supply must be a single string that contains
|
2019-06-10 22:52:53 -04:00
|
|
|
|
two comma-separated numbers of the form `latitude,longitude`, a `geo_point` field,
|
|
|
|
|
|
a `geo_shape` field that contains point values, or a `geo_centroid` aggregation.
|
2019-07-26 14:07:01 -04:00
|
|
|
|
The `latitude` and `longitude` must be in the range -180 to 180 and represent a
|
|
|
|
|
|
point on the surface of the Earth.
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
For example, JSON data might contain the following transaction coordinates:
|
|
|
|
|
|
|
|
|
|
|
|
[source,js]
|
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
{
|
|
|
|
|
|
"time": 1460464275,
|
|
|
|
|
|
"transactionCoordinates": "40.7,-74.0",
|
|
|
|
|
|
"creditCardNumber": "1234123412341234"
|
|
|
|
|
|
}
|
|
|
|
|
|
--------------------------------------------------
|
2018-06-19 16:57:10 -04:00
|
|
|
|
// NOTCONSOLE
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
2017-05-19 14:09:39 -04:00
|
|
|
|
In {es}, location data is likely to be stored in `geo_point` fields. For more
|
2019-06-10 22:52:53 -04:00
|
|
|
|
information, see {ref}/geo-point.html[Geo-point datatype]. This data type is
|
|
|
|
|
|
supported natively in {ml-features}. Specifically, {dfeed} when pulling data from
|
|
|
|
|
|
a `geo_point` field, will transform the data into the appropriate `lat,lon` string
|
2019-07-26 14:07:01 -04:00
|
|
|
|
format before sending to the {anomaly-job}.
|
2017-05-05 14:57:20 -04:00
|
|
|
|
|
2017-06-23 14:42:37 -04:00
|
|
|
|
For more information, see <<ml-configuring-transform>>.
|
