133 lines
3.0 KiB
Plaintext
133 lines
3.0 KiB
Plaintext
[[ml-get-record]]
|
|
==== Get Records
|
|
|
|
The get records API allows you to retrieve anomaly records for a job.
|
|
|
|
===== Request
|
|
|
|
`GET _xpack/ml/anomaly_detectors/<job_id>/results/records`
|
|
|
|
////
|
|
===== Description
|
|
|
|
|
|
////
|
|
===== Path Parameters
|
|
|
|
`job_id`::
|
|
(+string+) Identifier for the job.
|
|
|
|
===== Request Body
|
|
|
|
`desc`::
|
|
(+boolean+) If true, the results are sorted in descending order.
|
|
//TBD: Using the "sort" value?
|
|
|
|
`end`::
|
|
(+string+) Returns records with timestamps earlier than this time.
|
|
|
|
`expand`::
|
|
(+boolean+) TBD
|
|
//This field did not work on older build.
|
|
|
|
`from`::
|
|
(+integer+) Skips the specified number of records.
|
|
|
|
`include_interim`::
|
|
(+boolean+) If true, the output includes interim results.
|
|
|
|
`partition_value`::
|
|
(+string+) If `expand` is true, the records are filtered by this
|
|
partition value.
|
|
|
|
`record_score`::
|
|
(+double+) Returns records with anomaly scores higher than this value.
|
|
|
|
`size`::
|
|
(+integer+) Specifies the maximum number of records to obtain.
|
|
|
|
`sort`::
|
|
(+string+) Specifies the sort field for the requested records.
|
|
By default, the records are sorted by the `anomaly_score` value.
|
|
|
|
`start`::
|
|
(+string+) Returns records with timestamps after this time.
|
|
|
|
===== Results
|
|
|
|
The API returns the following information:
|
|
|
|
`records`::
|
|
(+array+) An array of record objects. For more information, see
|
|
<<ml-results-records,Records>>.
|
|
|
|
////
|
|
===== Responses
|
|
|
|
200
|
|
(EmptyResponse) The cluster has been successfully deleted
|
|
404
|
|
(BasicFailedReply) The cluster specified by {cluster_id} cannot be found (code: clusters.cluster_not_found)
|
|
412
|
|
(BasicFailedReply) The Elasticsearch cluster has not been shutdown yet (code: clusters.cluster_plan_state_error)
|
|
////
|
|
===== Examples
|
|
|
|
The following example gets bucket information for the `it-ops-kpi` job:
|
|
|
|
[source,js]
|
|
--------------------------------------------------
|
|
GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/buckets
|
|
{
|
|
"sort": "record_score",
|
|
"desc": true,
|
|
"start": "1454944200000"
|
|
}
|
|
--------------------------------------------------
|
|
// CONSOLE
|
|
// TEST[skip:todo]
|
|
|
|
In this example, the API returns a single result that matches the specified
|
|
score and time constraints:
|
|
----
|
|
{
|
|
"count": 6,
|
|
"records": [
|
|
{
|
|
"job_id": "it_ops_new_kpi",
|
|
"result_type": "record",
|
|
"probability": 0.000113075,
|
|
"record_score": 86.9677,
|
|
"initial_record_score": 82.8891,
|
|
"bucket_span": 600,
|
|
"detector_index": 0,
|
|
"sequence_num": 1,
|
|
"is_interim": false,
|
|
"timestamp": 1454944200000,
|
|
"partition_field_name": "kpi_indicator",
|
|
"partition_field_value": "online_purchases",
|
|
"function": "low_non_zero_count",
|
|
"function_description": "count",
|
|
"typical": [
|
|
3582.53
|
|
],
|
|
"actual": [
|
|
575
|
|
],
|
|
"influencers": [
|
|
{
|
|
"influencer_field_name": "kpi_indicator",
|
|
"influencer_field_values": [
|
|
"online_purchases"
|
|
]
|
|
}
|
|
],
|
|
"kpi_indicator": [
|
|
"online_purchases"
|
|
]
|
|
},
|
|
...
|
|
]
|
|
}
|
|
----
|