diff --git a/docs/en/rest-api/ml/datafeedresource.asciidoc b/docs/en/rest-api/ml/datafeedresource.asciidoc index a053ff7ae57..0bcba261577 100644 --- a/docs/en/rest-api/ml/datafeedresource.asciidoc +++ b/docs/en/rest-api/ml/datafeedresource.asciidoc @@ -5,8 +5,8 @@ A data feed resource has the following properties: `aggregations`:: - (object) When set the datafeed performs aggregation searches. - For syntax information, see {ref}search-aggregations.html[Aggregations]. + (object) If set, the data feed performs aggregation searches. + For syntax information, see {ref}/search-aggregations.html[Aggregations]. Support for aggregations is limited: TBD. For example: `{"@timestamp": {"histogram": {"field": "@timestamp", @@ -15,43 +15,46 @@ A data feed resource has the following properties: "field": "events_per_min"}}}}}`. `chunking_config`:: - (object) The chunking configuration, which specifies how data searches - will be chunked. See <>. + (object) The chunking configuration, which specifies how data searches are + chunked. See <>. For example: {"mode": "manual", "time_span": "3h"} `datafeed_id`:: (string) A numerical character string that uniquely identifies the data feed. `frequency`:: - (time units) Interval at which scheduled queries should be made while the datafeed - runs in real-time. The default is either the bucket span for short bucket spans, or, - for longer bucket spans, a sensible fraction of the bucket span. - For example: "150s" + (time units) The interval at which scheduled queries are made while the data + feed runs in real time. The default value is either the bucket span for short + bucket spans, or, for longer bucket spans, a sensible fraction of the bucket + span. For example: "150s" `indexes` (required):: (array) An array of index names. For example: ["it_ops_metrics"] `job_id` (required):: - (string) The id of the job to which the datafeed will send data. + (string) The unique identifier for the job to which the data feed sends data. `query`:: - (object) Elasticsearch query DSL. Corresponds to the query object in an Elasticsearch - search POST body. All options supported by Elasticsearch may be used, as this object - is passed verbatim to Elasticsearch. If not specified the default is “match_all”: {} - By default, this property has the following value: `{"match_all": {"boost": 1}}`. + (object) The Elasticsearch query domain-specific language (DSL). This value + corresponds to the query object in an Elasticsearch search POST body. All the + options that are supported by Elasticsearch can be used, as this object is + passed verbatim to Elasticsearch. By default, this property has the following + value: `{"match_all": {"boost": 1}}`. If this property is not specified, the + default value is `“match_all”: {}`. `query_delay`:: - (time units) How many seconds behind real-time should data be queried. For example, - if data from 10:04am may not be searchable in Elasticsearch until 10:06am then set this to 120 seconds. - The default is 60 seconds. For example: "60s" + (time units) The number of seconds behind real-time that data is queried. For + example, if data from 10:04 a.m. might not be searchable in Elasticsearch + until 10:06 a.m., set this property to 120 seconds. The default value is 60 + seconds. For example: "60s". `scroll_size`:: - (unsigned integer) The `size` parameter to be used in elasticsearch searches. + (unsigned integer) The `size` parameter that is used in Elasticsearch searches. The default value is `1000`. `types` (required):: - (array) List of types to search for within the specified indexes. - For example: ["network","sql","kpi"] + (array) A list of types to search for within the specified indices. + For example: ["network","sql","kpi"]. [[ml-datafeed-chunking-config]] ===== Chunking Configuration Objects @@ -59,15 +62,15 @@ A data feed resource has the following properties: A chunking configuration object has the following properties: `mode` (required):: - There are 3 available modes: + - `auto`::: the chunk size will be dynamically calculated. - `manual`::: chunking will be applied according to the specified `time_span`. - `off`::: no chunking will be applied. + There are three available modes: + + `auto`::: The chunk size will be dynamically calculated. + `manual`::: Chunking will be applied according to the specified `time_span`. + `off`::: No chunking will be applied. `time_span`:: (time units) The time span that each search will be querying. This setting is only applicable when the mode is set to `manual`. - For example: "3h" + For example: "3h". [float] [[ml-datafeed-counts]] diff --git a/docs/en/rest-api/ml/put-datafeed.asciidoc b/docs/en/rest-api/ml/put-datafeed.asciidoc index 302bde4131b..71c9f86360c 100644 --- a/docs/en/rest-api/ml/put-datafeed.asciidoc +++ b/docs/en/rest-api/ml/put-datafeed.asciidoc @@ -25,33 +25,46 @@ data feed to each job. ===== Request Body `aggregations`:: - (object) TBD. + (object) If set, the data feed performs aggregation searches. + For more information, see <>. `chunking_config`:: - (object) TBD. - For example: {"mode": "manual", "time_span": "30000000ms"} + (object) The chunking configuration, which specifies how data searches are + chunked. See <>. `frequency`:: - TBD: For example: "150s" + (time units) The interval at which scheduled queries are made while the data + feed runs in real time. The default value is either the bucket span for short + bucket spans, or, for longer bucket spans, a sensible fraction of the bucket + span. For example: "150s". `indexes` (required):: - (array) An array of index names. For example: ["it_ops_metrics"] + (array) An array of index names. For example: ["it_ops_metrics"]. `job_id` (required):: (string) A numerical character string that uniquely identifies the job. `query`:: - (object) The query that retrieves the data. - By default, this property has the following value: `{"match_all": {"boost": 1}}`. + (object) The Elasticsearch query domain-specific language (DSL). This value + corresponds to the query object in an Elasticsearch search POST body. All the + options that are supported by Elasticsearch can be used, as this object is + passed verbatim to Elasticsearch. By default, this property has the following + value: `{"match_all": {"boost": 1}}`. If this property is not specified, the + default value is `“match_all”: {}`. `query_delay`:: - TBD. For example: "60s" + (time units) The number of seconds behind real-time that data is queried. For + example, if data from 10:04 a.m. might not be searchable in Elasticsearch + until 10:06 a.m., set this property to 120 seconds. The default value is 60 + seconds. For example: "60s". `scroll_size`:: - TBD. For example, 1000 + (unsigned integer) The `size` parameter that is used in Elasticsearch searches. + The default value is `1000`. `types` (required):: - TBD. For example: ["network","sql","kpi"] + (array) A list of types to search for within the specified indices. + For example: ["network","sql","kpi"]. For more information about these properties, see <>. diff --git a/docs/en/rest-api/ml/update-datafeed.asciidoc b/docs/en/rest-api/ml/update-datafeed.asciidoc index fa4f5590873..70a4a4a32d8 100644 --- a/docs/en/rest-api/ml/update-datafeed.asciidoc +++ b/docs/en/rest-api/ml/update-datafeed.asciidoc @@ -20,33 +20,46 @@ The update data feed API enables you to update certain properties of a data feed The following properties can be updated after the data feed is created: `aggregations`:: - (object) TBD. + (object) If set, the data feed performs aggregation searches. + For more information, see <>. `chunking_config`:: - (object) TBD. - For example: {"mode": "manual", "time_span": "30000000ms"} + (object) The chunking configuration, which specifies how data searches are + chunked. See <>. `frequency`:: - () TBD: For example: "150s" + (time units) The interval at which scheduled queries are made while the data + feed runs in real time. The default value is either the bucket span for short + bucket spans, or, for longer bucket spans, a sensible fraction of the bucket + span. For example: "150s". `indexes` (required):: - (array) An array of index names. For example: ["it_ops_metrics"] + (array) An array of index names. For example: ["it_ops_metrics"]. `job_id`:: (string) A numerical character string that uniquely identifies the job. `query`:: - (object) The query that retrieves the data. - By default, this property has the following value: `{"match_all": {"boost": 1}}`. + (object) The Elasticsearch query domain-specific language (DSL). This value + corresponds to the query object in an Elasticsearch search POST body. All the + options that are supported by Elasticsearch can be used, as this object is + passed verbatim to Elasticsearch. By default, this property has the following + value: `{"match_all": {"boost": 1}}`. If this property is not specified, the + default value is `“match_all”: {}`. `query_delay`:: - () TBD. For example: "60s" + (time units) The number of seconds behind real-time that data is queried. For + example, if data from 10:04 a.m. might not be searchable in Elasticsearch + until 10:06 a.m., set this property to 120 seconds. The default value is 60 + seconds. For example: "60s". `scroll_size`:: - () TBD. For example, 1000 + (unsigned integer) The `size` parameter that is used in Elasticsearch searches. + The default value is `1000`. `types` (required):: - () TBD. For example: ["network","sql","kpi"] + (array) A list of types to search for within the specified indices. + For example: ["network","sql","kpi"]. For more information about these properties, see <>.