2020-03-02 10:28:55 -05:00
|
|
|
[role="xpack"]
|
|
|
|
[testenv="platinum"]
|
|
|
|
[[cat-anomaly-detectors]]
|
|
|
|
=== cat anomaly detectors API
|
|
|
|
++++
|
|
|
|
<titleabbrev>cat anomaly detectors</titleabbrev>
|
|
|
|
++++
|
|
|
|
|
|
|
|
Returns configuration and usage information about {anomaly-jobs}.
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-request]]
|
|
|
|
==== {api-request-title}
|
|
|
|
|
|
|
|
`GET /_cat/ml/anomaly_detectors/<job_id>` +
|
|
|
|
|
|
|
|
`GET /_cat/ml/anomaly_detectors`
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-prereqs]]
|
|
|
|
==== {api-prereq-title}
|
|
|
|
|
|
|
|
* If the {es} {security-features} are enabled, you must have `monitor_ml`,
|
|
|
|
`monitor`, `manage_ml`, or `manage` cluster privileges to use this API. See
|
|
|
|
<<security-privileges>> and {ml-docs}/setup.html[Set up {ml-features}].
|
|
|
|
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-desc]]
|
|
|
|
==== {api-description-title}
|
|
|
|
|
|
|
|
See {ml-docs}/ml-jobs.html[{anomaly-jobs-cap}].
|
|
|
|
|
|
|
|
NOTE: This API returns a maximum of 10,000 jobs.
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-path-params]]
|
|
|
|
==== {api-path-parms-title}
|
|
|
|
|
|
|
|
`<job_id>`::
|
|
|
|
(Optional, string)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection]
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-query-params]]
|
|
|
|
==== {api-query-parms-title}
|
|
|
|
|
|
|
|
`allow_no_jobs`::
|
|
|
|
(Optional, boolean)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=allow-no-jobs]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=bytes]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=http-format]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=cat-h]
|
|
|
|
+
|
|
|
|
If you do not specify which columns to include, the API returns the default
|
|
|
|
columns. If you explicitly specify one or more columns, it returns only the
|
|
|
|
specified columns.
|
|
|
|
+
|
|
|
|
Valid columns are:
|
|
|
|
|
|
|
|
`assignment_explanation`, `ae`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=assignment-explanation-anomaly-jobs]
|
|
|
|
|
|
|
|
`buckets.count`, `bc`, `bucketsCount`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-count-anomaly-jobs]
|
|
|
|
|
|
|
|
`buckets.time.exp_avg`, `btea`, `bucketsTimeExpAvg`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-time-exponential-average]
|
|
|
|
|
|
|
|
`buckets.time.exp_avg_hour`, `bteah`, `bucketsTimeExpAvgHour`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-time-exponential-average-hour]
|
|
|
|
|
|
|
|
`buckets.time.max`, `btmax`, `bucketsTimeMax`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-time-maximum]
|
|
|
|
|
|
|
|
`buckets.time.min`, `btmin`, `bucketsTimeMin`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-time-minimum]
|
|
|
|
|
|
|
|
`buckets.time.total`, `btt`, `bucketsTimeTotal`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-time-total]
|
|
|
|
|
|
|
|
`data.buckets`, `db`, `dataBuckets`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-count]
|
|
|
|
|
|
|
|
`data.earliest_record`, `der`, `dataEarliestRecord`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=earliest-record-timestamp]
|
|
|
|
|
|
|
|
`data.empty_buckets`, `deb`, `dataEmptyBuckets`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=empty-bucket-count]
|
|
|
|
|
|
|
|
`data.input_bytes`, `dib`, `dataInputBytes`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=input-bytes]
|
|
|
|
|
|
|
|
`data.input_fields`, `dif`, `dataInputFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=input-field-count]
|
|
|
|
|
|
|
|
`data.input_records`, `dir`, `dataInputRecords`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=input-record-count]
|
|
|
|
|
|
|
|
`data.invalid_dates`, `did`, `dataInvalidDates`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=invalid-date-count]
|
|
|
|
|
|
|
|
`data.last`, `dl`, `dataLast`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=last-data-time]
|
|
|
|
|
|
|
|
`data.last_empty_bucket`, `dleb`, `dataLastEmptyBucket`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=latest-empty-bucket-timestamp]
|
|
|
|
|
|
|
|
`data.last_sparse_bucket`, `dlsb`, `dataLastSparseBucket`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=latest-sparse-record-timestamp]
|
|
|
|
|
|
|
|
`data.latest_record`, `dlr`, `dataLatestRecord`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=latest-record-timestamp]
|
|
|
|
|
|
|
|
`data.missing_fields`, `dmf`, `dataMissingFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=missing-field-count]
|
|
|
|
|
|
|
|
`data.out_of_order_timestamps`, `doot`, `dataOutOfOrderTimestamps`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=out-of-order-timestamp-count]
|
|
|
|
|
|
|
|
`data.processed_fields`, `dpf`, `dataProcessedFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=processed-field-count]
|
|
|
|
|
|
|
|
`data.processed_records`, `dpr`, `dataProcessedRecords`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=processed-record-count]
|
|
|
|
|
|
|
|
`data.sparse_buckets`, `dsb`, `dataSparseBuckets`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=sparse-bucket-count]
|
|
|
|
|
|
|
|
`forecasts.memory.avg`, `fmavg`, `forecastsMemoryAvg`:::
|
|
|
|
The average memory usage in bytes for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.memory.max`, `fmmax`, `forecastsMemoryMax`:::
|
|
|
|
The maximum memory usage in bytes for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.memory.min`, `fmmin`, `forecastsMemoryMin`:::
|
|
|
|
The minimum memory usage in bytes for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.memory.total`, `fmt`, `forecastsMemoryTotal`:::
|
|
|
|
The total memory usage in bytes for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.records.avg`, `fravg`, `forecastsRecordsAvg`:::
|
|
|
|
The average number of `model_forecast` documents written for forecasts related
|
|
|
|
to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.records.max`, `frmax`, `forecastsRecordsMax`:::
|
|
|
|
The maximum number of `model_forecast` documents written for forecasts related
|
|
|
|
to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.records.min`, `frmin`, `forecastsRecordsMin`:::
|
|
|
|
The minimum number of `model_forecast` documents written for forecasts related
|
|
|
|
to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.records.total`, `frt`, `forecastsRecordsTotal`:::
|
|
|
|
The total number of `model_forecast` documents written for forecasts related to
|
|
|
|
the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.time.avg`, `ftavg`, `forecastsTimeAvg`:::
|
|
|
|
The average runtime in milliseconds for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.time.max`, `ftmax`, `forecastsTimeMax`:::
|
|
|
|
The maximum runtime in milliseconds for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.time.min`, `ftmin`, `forecastsTimeMin`:::
|
|
|
|
The minimum runtime in milliseconds for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.time.total`, `ftt`, `forecastsTimeTotal`:::
|
|
|
|
The total runtime in milliseconds for forecasts related to the {anomaly-job}.
|
|
|
|
|
|
|
|
`forecasts.total`, `ft`, `forecastsTotal`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=forecast-total]
|
|
|
|
|
|
|
|
`id`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection]
|
|
|
|
|
|
|
|
`model.bucket_allocation_failures`, `mbaf`, `modelBucketAllocationFailures`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-allocation-failures-count]
|
|
|
|
|
|
|
|
`model.by_fields`, `mbf`, `modelByFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=total-by-field-count]
|
|
|
|
|
|
|
|
`model.bytes`, `mb`, `modelBytes`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=model-bytes]
|
|
|
|
|
|
|
|
`model.bytes_exceeded`, `mbe`, `modelBytesExceeded`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=model-bytes-exceeded]
|
|
|
|
|
|
|
|
`model.categorization_status`, `mcs`, `modelCategorizationStatus`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=categorization-status]
|
|
|
|
|
|
|
|
`model.categorized_doc_count`, `mcdc`, `modelCategorizedDocCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=categorized-doc-count]
|
|
|
|
|
|
|
|
`model.dead_category_count`, `mdcc`, `modelDeadCategoryCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=dead-category-count]
|
|
|
|
|
2020-04-25 05:36:49 -04:00
|
|
|
`model.failed_category_count`, `mdcc`, `modelFailedCategoryCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=failed-category-count]
|
|
|
|
|
2020-03-02 10:28:55 -05:00
|
|
|
`model.frequent_category_count`, `mfcc`, `modelFrequentCategoryCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=frequent-category-count]
|
|
|
|
|
|
|
|
`model.log_time`, `mlt`, `modelLogTime`:::
|
|
|
|
The timestamp when the model stats were gathered, according to server time.
|
|
|
|
|
|
|
|
`model.memory_limit`, `mml`, `modelMemoryLimit`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=model-memory-limit-anomaly-jobs]
|
|
|
|
|
|
|
|
`model.memory_status`, `mms`, `modelMemoryStatus`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=model-memory-status]
|
|
|
|
|
|
|
|
`model.over_fields`, `mof`, `modelOverFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=total-over-field-count]
|
|
|
|
|
|
|
|
`model.partition_fields`, `mpf`, `modelPartitionFields`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=total-partition-field-count]
|
|
|
|
|
|
|
|
`model.rare_category_count`, `mrcc`, `modelRareCategoryCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=rare-category-count]
|
|
|
|
|
|
|
|
`model.timestamp`, `mt`, `modelTimestamp`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=model-timestamp]
|
|
|
|
|
|
|
|
`model.total_category_count`, `mtcc`, `modelTotalCategoryCount`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=total-category-count]
|
|
|
|
|
|
|
|
`node.address`, `na`, `nodeAddress`:::
|
|
|
|
The network address of the node.
|
|
|
|
+
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=node-jobs]
|
|
|
|
|
|
|
|
`node.ephemeral_id`, `ne`, `nodeEphemeralId`:::
|
|
|
|
The ephemeral ID of the node.
|
|
|
|
+
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=node-jobs]
|
|
|
|
|
|
|
|
`node.id`, `ni`, `nodeId`:::
|
|
|
|
The unique identifier of the node.
|
|
|
|
+
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=node-jobs]
|
|
|
|
|
|
|
|
`node.name`, `nn`, `nodeName`:::
|
|
|
|
The node name.
|
|
|
|
+
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=node-jobs]
|
|
|
|
|
|
|
|
`opened_time`, `ot`:::
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=open-time]
|
|
|
|
|
|
|
|
`state`, `s`:::
|
|
|
|
(Default)
|
|
|
|
include::{docdir}/ml/ml-shared.asciidoc[tag=state-anomaly-job]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=help]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=cat-s]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=time]
|
|
|
|
|
|
|
|
include::{docdir}/rest-api/common-parms.asciidoc[tag=cat-v]
|
|
|
|
|
|
|
|
[[cat-anomaly-detectors-example]]
|
|
|
|
==== {api-examples-title}
|
|
|
|
|
|
|
|
[source,console]
|
|
|
|
--------------------------------------------------
|
|
|
|
GET _cat/ml/anomaly_detectors?h=id,s,dpr,mb&v
|
|
|
|
--------------------------------------------------
|
|
|
|
// TEST[skip:kibana sample data]
|
|
|
|
|
|
|
|
[source,console-result]
|
|
|
|
----
|
|
|
|
id s dpr mb
|
|
|
|
high_sum_total_sales closed 14022 1.5mb
|
|
|
|
low_request_rate closed 1216 40.5kb
|
|
|
|
response_code_rates closed 28146 132.7kb
|
|
|
|
url_scanning closed 28146 501.6kb
|
|
|
|
----
|
|
|
|
// TESTRESPONSE[skip:kibana sample data]
|