[[ml-get-record]] //lcawley Verified example output 2017-04-11 ==== Get Records The get records API enables you to retrieve anomaly records for a job. ===== Request `GET _xpack/ml/anomaly_detectors//results/records` //===== Description ===== Path Parameters `job_id`:: (string) Identifier for the job. ===== Request Body `desc`:: (boolean) If true, the results are sorted in descending order. `end`:: (string) Returns records with timestamps earlier than this time. `exclude_interim`:: (boolean) If true, the output excludes interim results. By default, interim results are included. `page`:: `from`::: (integer) Skips the specified number of records. `size`::: (integer) Specifies the maximum number of records to obtain. `record_score`:: (double) Returns records with anomaly scores higher than this value. `sort`:: (string) Specifies the sort field for the requested records. By default, the records are sorted by the `anomaly_score` value. `start`:: (string) Returns records with timestamps after this time. ===== Results The API returns the following information: `records`:: (array) An array of record objects. For more information, see <>. ===== Authorization You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster privileges to use this API. You also need `read` index privilege on the index that stores the results. The `machine_learning_admin` and `machine_learning_user` roles provide these privileges. For more information, see <> and <>. ===== Examples The following example gets record information for the `it-ops-kpi` job: [source,js] -------------------------------------------------- GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/records { "sort": "record_score", "desc": true, "start": "1454944100000" } -------------------------------------------------- // CONSOLE // TEST[skip:todo] In this example, the API returns twelve results for the specified time constraints: [source,js] ---- { "count": 12, "records": [ { "job_id": "it-ops-kpi", "result_type": "record", "probability": 0.00000332668, "record_score": 72.9929, "initial_record_score": 65.7923, "bucket_span": 300, "detector_index": 0, "sequence_num": 1, "is_interim": false, "timestamp": 1454944200000, "function": "low_sum", "function_description": "sum", "typical": [ 1806.48 ], "actual": [ 288 ], "field_name": "events_per_min" }, ... ] } ----