[DOCS] Improvements on datafeed related docs (elastic/x-pack-elasticsearch#1293)
Original commit: elastic/x-pack-elasticsearch@4bb1932f0e
parent 500170c456
commit eae7d19d2f
|
@ -43,12 +43,11 @@ zone designators must be encoded as `%2B`.
|
||||||
If the system restarts, any jobs that had {dfeeds} running are also restarted.
|
If the system restarts, any jobs that had {dfeeds} running are also restarted.
|
||||||
|
|
||||||
When a stopped {dfeed} is restarted, it continues processing input data from
|
When a stopped {dfeed} is restarted, it continues processing input data from
|
||||||
the next millisecond after it was stopped. If your data contains the same
|
the next millisecond after it was stopped. If new data was indexed for that
|
||||||
timestamp (for example, it is summarized by minute), then data loss is possible
|
exact millisecond, between stopping and starting, it will be ignored.
|
||||||
for the timestamp value when the {dfeed} stopped. This situation can occur
|
|
||||||
because the job might not have completely processed all data for that millisecond.
|
|
||||||
If you specify a `start` value that is earlier than the timestamp of the latest
|
If you specify a `start` value that is earlier than the timestamp of the latest
|
||||||
processed record, that value is ignored.
|
processed record, the {dfeed} continues from 1 millisecond after the timestamp
|
||||||
|
of the latest processed record.
|
||||||
|
|
||||||
|
|
||||||
===== Path Parameters
|
===== Path Parameters
|
||||||
|
|
|
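Review bot: The added sentence "If new data was indexed for that exact millisecond, between stopping and starting, it will be ignored" drops both the concrete case the old text gave (data summarized by minute, so many records share one timestamp) and the reason the loss happens (the job might not have completely processed all data for that millisecond). Suggest keeping one clause of that explanation so readers with coarse timestamps can tell they are affected, and removing the commas around "between stopping and starting". The rewritten `start` sentence is an improvement over "that value is ignored", since it now says where processing actually resumes.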
@ -33,7 +33,7 @@ The following properties can be updated after the {dfeed} is created:
|
||||||
bucket spans, or, for longer bucket spans, a sensible fraction of the bucket
|
bucket spans, or, for longer bucket spans, a sensible fraction of the bucket
|
||||||
span. For example: "150s".
|
span. For example: "150s".
|
||||||
|
|
||||||
`indexes` (required)::
|
`indexes`::
|
||||||
(array) An array of index names. For example: ["it_ops_metrics"].
|
(array) An array of index names. For example: ["it_ops_metrics"].
|
||||||
|
|
||||||
`job_id`::
|
`job_id`::
|
||||||
|
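Review bot: With "(required)" removed from the `indexes` entry, the description still does not say whether an array supplied in an update replaces the existing list of index names or is merged with it. Since this list is introduced as "properties can be updated after the {dfeed} is created", suggest adding one sentence on that to the `indexes` description.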
@ -55,7 +55,7 @@ The following properties can be updated after the {dfeed} is created:
|
||||||
(unsigned integer) The `size` parameter that is used in {es} searches.
|
(unsigned integer) The `size` parameter that is used in {es} searches.
|
||||||
The default value is `1000`.
|
The default value is `1000`.
|
||||||
|
|
||||||
`types` (required)::
|
`types`::
|
||||||
(array) A list of types to search for within the specified indices.
|
(array) A list of types to search for within the specified indices.
|
||||||
For example: ["network","sql","kpi"].
|
For example: ["network","sql","kpi"].
|
||||||
|
|
||||||
|
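Review bot: The `types` description kept here says "within the specified indices", while the property it refers to is named `indexes` and is described as "An array of index names". As the entry is being touched anyway, suggest aligning the wording so the cross-reference is unambiguous, for example "within the specified `indexes`".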
@ -70,89 +70,44 @@ For more information, see <<privileges-list-cluster>>.
|
||||||
|
|
||||||
===== Examples
|
===== Examples
|
||||||
|
|
||||||
The following example updates the `datafeed-it-ops-kpi` {dfeed}:
|
The following example updates the query for `datafeed-it-ops-kpi` {dfeed} so that
|
||||||
|
only log entries of error level are analyzed:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
POST _xpack/ml/datafeeds/datafeed-it-ops-kpi/_update
|
POST _xpack/ml/datafeeds/datafeed-it-ops-kpi/_update
|
||||||
{
|
{
|
||||||
"query_delay": "60s",
|
"query": {
|
||||||
"frequency": "150s",
|
"term": {
|
||||||
"aggregations": {
|
"level": "error"
|
||||||
"buckets": {
|
}
|
||||||
"date_histogram": {
|
|
||||||
"field": "@timestamp",
|
|
||||||
"interval": 30000,
|
|
||||||
"offset": 0,
|
|
||||||
"order": {
|
|
||||||
"_key": "asc"
|
|
||||||
},
|
|
||||||
"keyed": false,
|
|
||||||
"min_doc_count": 0
|
|
||||||
},
|
|
||||||
"aggregations": {
|
|
||||||
"events_per_min": {
|
|
||||||
"sum": {
|
|
||||||
"field": "events_per_min"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"@timestamp": {
|
|
||||||
"max": {
|
|
||||||
"field": "@timestamp"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"scroll_size": 1000,
|
|
||||||
"chunking_config": {
|
|
||||||
"mode": "manual",
|
|
||||||
"time_span": "30000000ms"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// CONSOLE
|
// CONSOLE
|
||||||
// TEST[skip:todo]
|
// TEST[skip:todo]
|
||||||
|
|
||||||
When the {dfeed} is updated, you receive the following results:
|
When the {dfeed} is updated, you receive the full datafeed configuration with
|
||||||
|
with the updated values:
|
||||||
[source,js]
|
[source,js]
|
||||||
----
|
----
|
||||||
{
|
{
|
||||||
"datafeed_id": "datafeed-it-ops-kpi",
|
"datafeed_id": "datafeed-it-ops-kpi",
|
||||||
"job_id": "it-ops-kpi",
|
"job_id": "it-ops-kpi",
|
||||||
"query_delay": "60s",
|
"query_delay": "1m",
|
||||||
"frequency": "150s",
|
"indexes": ["it-ops"],
|
||||||
...
|
"types": ["logs"],
|
||||||
"aggregations": {
|
"query": {
|
||||||
"buckets": {
|
"term": {
|
||||||
"date_histogram": {
|
"level": {
|
||||||
"field": "@timestamp",
|
"value": "error",
|
||||||
"interval": 30000,
|
"boost": 1
|
||||||
"offset": 0,
|
|
||||||
"order": {
|
|
||||||
"_key": "asc"
|
|
||||||
},
|
|
||||||
"keyed": false,
|
|
||||||
"min_doc_count": 0
|
|
||||||
},
|
|
||||||
"aggregations": {
|
|
||||||
"events_per_min": {
|
|
||||||
"sum": {
|
|
||||||
"field": "events_per_min"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"@timestamp": {
|
|
||||||
"max": {
|
|
||||||
"field": "@timestamp"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"scroll_size": 1000,
|
"scroll_size": 1000,
|
||||||
"chunking_config": {
|
"chunking_config": {
|
||||||
"mode": "manual",
|
"mode": "auto"
|
||||||
"time_span": "30000000ms"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
----
|
----
|
||||||
|
|
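Review bot: The new sentence introducing the response has a doubled word across the line break: "you receive the full datafeed configuration with" is followed by "with the updated values:", so one "with" should be dropped. In the same hunk, "updates the query for `datafeed-it-ops-kpi` {dfeed}" is missing "the" before the datafeed name, and "full datafeed configuration" could use the {dfeed} attribute to match the rest of the page. It would also help to say in the lead-in that the request changes only `query`, because the response now shows `query_delay`, `indexes`, `types` and `chunking_config` values that the request does not set.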