[[ml-get-record]]
//lcawley Verified example output 2017-04-11
==== Get Records

The get records API enables you to retrieve anomaly records for a job.

===== Request

`GET _xpack/ml/anomaly_detectors/<job_id>/results/records`

////
===== Description

////
===== Path Parameters

`job_id`::
  (+string+) Identifier for the job.

===== Request Body

`desc`::
  (+boolean+) If true, the results are sorted in descending order.

`end`::
  (+string+) Returns records with timestamps earlier than this time.

`expand`::
  (+boolean+) TBD
//This field did not work on older build.

`from`::
  (+integer+) Skips the specified number of records.

`include_interim`::
  (+boolean+) If true, the output includes interim results.

`partition_value`::
  (+string+) If `expand` is true, the records are filtered by this
  partition value.

`record_score`::
  (+double+) Returns records with anomaly scores higher than this value.

`size`::
  (+integer+) Specifies the maximum number of records to obtain.

`sort`::
  (+string+) Specifies the sort field for the requested records.
  By default, the records are sorted by the `anomaly_score` value.

`start`::
  (+string+) Returns records with timestamps after this time.

===== Results

The API returns the following information:

`records`::
  (+array+) An array of record objects. For more information, see
  <<ml-results-records,Records>>.

////
  ===== Responses

  200
  (EmptyResponse) The cluster has been successfully deleted
  404
  (BasicFailedReply) The cluster specified by {cluster_id} cannot be found (code: clusters.cluster_not_found)
  412
  (BasicFailedReply) The Elasticsearch cluster has not been shutdown yet (code: clusters.cluster_plan_state_error)
////
===== Examples

The following example gets bucket information for the `it-ops-kpi` job:

[source,js]
--------------------------------------------------
GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]

In this example, the API returns twelve results for the specified
time constraints:
----
{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "sequence_num": 1,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [
        1806.48
      ],
      "actual": [
        288
      ],
      "field_name": "events_per_min"
    },
  ...
  ]
}
----