OpenSearch/docs/en/rest-api/ml/get-bucket.asciidoc

125 lines
3.1 KiB
Plaintext
Raw Normal View History

//lcawley Verified example output 2017-04-11
[[ml-get-bucket]]
==== Get Buckets
The get bucket API enables you to retrieve information about buckets in the
results from a job.
===== Request
`GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets` +
`GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>`
===== Description
This API presents a chronological view of the records, grouped by bucket.
===== Path Parameters
`job_id`::
(string) Identifier for the job
`timestamp`::
(string) The timestamp of a single bucket result.
If you do not specify this optional parameter, the API returns information
about all buckets that you have authority to view in the job.
===== Request Body
`anomaly_score`::
(double) Returns buckets with anomaly scores higher than this value.
`end`::
(string) Returns buckets with timestamps earlier than this time.
`expand`::
(boolean) If true, the output includes anomaly records.
`from`::
(integer) Skips the specified number of buckets.
`include_interim`::
(boolean) If true, the output includes interim results.
`partition_value`::
(string) If `expand` is true, the anomaly records are filtered by this
partition value.
`size`::
(integer) Specifies the maximum number of buckets to obtain.
`start`::
(string) Returns buckets with timestamps after this time.
===== Results
The API returns the following information:
`buckets`::
(array) An array of bucket objects. For more information, see
<<ml-results-buckets,Buckets>>.
////
===== Responses
200
(EmptyResponse) The cluster has been successfully deleted
404
(BasicFailedReply) The cluster specified by {cluster_id} cannot be found (code: clusters.cluster_not_found)
412
(BasicFailedReply) The Elasticsearch cluster has not been shutdown yet (code: clusters.cluster_plan_state_error)
////
===== Examples
The following example gets bucket information for the `it-ops-kpi` job:
[source,js]
--------------------------------------------------
GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/buckets
{
"anomaly_score": 80,
"start": "1454530200001"
}
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]
In this example, the API returns a single result that matches the specified
score and time constraints:
----
{
"count": 1,
"buckets": [
{
"job_id": "it-ops-kpi",
"timestamp": 1454943900000,
"anomaly_score": 94.1706,
"bucket_span": 300,
"initial_anomaly_score": 94.1706,
"record_count": 1,
"event_count": 153,
"is_interim": false,
"bucket_influencers": [
{
"job_id": "it-ops-kpi",
"result_type": "bucket_influencer",
"influencer_field_name": "bucket_time",
"initial_anomaly_score": 94.1706,
"anomaly_score": 94.1706,
"raw_anomaly_score": 2.32119,
"probability": 0.00000575042,
"timestamp": 1454943900000,
"bucket_span": 300,
"sequence_num": 2,
"is_interim": false
}
],
"processing_time_ms": 2,
"partition_scores": [],
"result_type": "bucket"
}
]
}
----