175 lines
5.5 KiB
Plaintext
175 lines
5.5 KiB
Plaintext
[role="xpack"]
|
|
[testenv="platinum"]
|
|
[[put-dfanalytics]]
|
|
=== Create {dfanalytics-jobs} API
|
|
[subs="attributes"]
|
|
++++
|
|
<titleabbrev>Create {dfanalytics-jobs}</titleabbrev>
|
|
++++
|
|
|
|
Instantiates a {dfanalytics-job}.
|
|
|
|
experimental[]
|
|
|
|
[[ml-put-dfanalytics-request]]
|
|
==== {api-request-title}
|
|
|
|
`PUT _ml/data_frame/analytics/<data_frame_analytics_id>`
|
|
|
|
|
|
[[ml-put-dfanalytics-prereq]]
|
|
==== {api-prereq-title}
|
|
|
|
* You must have `machine_learning_admin` built-in role to use this API. You must
|
|
also have `read` and `view_index_metadata` privileges on the source index and
|
|
`read`, `create_index`, and `index` privileges on the destination index. For
|
|
more information, see {stack-ov}/security-privileges.html[Security privileges]
|
|
and {stack-ov}/built-in-roles.html[Built-in roles].
|
|
|
|
|
|
[[ml-put-dfanalytics-desc]]
|
|
==== {api-description-title}
|
|
|
|
This API creates a {dfanalytics-job} that performs an analysis on the source
|
|
index and stores the outcome in a destination index.
|
|
|
|
The destination index will be automatically created if it does not exist. The
|
|
`index.number_of_shards` and `index.number_of_replicas` settings of the source
|
|
index will be copied over the destination index. When the source index matches
|
|
multiple indices, these settings will be set to the maximum values found in the
|
|
source indices.
|
|
|
|
The mappings of the source indices are also attempted to be copied over
|
|
to the destination index, however, if the mappings of any of the fields don't
|
|
match among the source indices, the attempt will fail with an error message.
|
|
|
|
If the destination index already exists, then it will be use as is. This makes
|
|
it possible to set up the destination index in advance with custom settings
|
|
and mappings.
|
|
|
|
|
|
[[ml-put-dfanalytics-path-params]]
|
|
==== {api-path-parms-title}
|
|
|
|
`<data_frame_analytics_id>`::
|
|
(Required, string) A numerical character string that uniquely identifies the
|
|
{dfanalytics-job}. This identifier can contain lowercase alphanumeric
|
|
characters (a-z and 0-9), hyphens, and underscores. It must start and end with
|
|
alphanumeric characters.
|
|
|
|
|
|
[[ml-put-dfanalytics-request-body]]
|
|
==== {api-request-body-title}
|
|
|
|
`analysis`::
|
|
(Required, object) Defines the type of {dfanalytics} you want to perform on your source
|
|
index. For example: `outlier_detection`. See <<dfanalytics-types>>.
|
|
|
|
`analyzed_fields`::
|
|
(Optional, object) You can specify both `includes` and/or `excludes` patterns.
|
|
If `analyzed_fields` is not set, only the relevant fields will be included.
|
|
For example, all the numeric fields for {oldetection}.
|
|
|
|
`analyzed_fields.includes`:::
|
|
(Optional, array) An array of strings that defines the fields that will be
|
|
included in the analysis.
|
|
|
|
`analyzed_fields.excludes`:::
|
|
(Optional, array) An array of strings that defines the fields that will be
|
|
excluded from the analysis.
|
|
|
|
`description`::
|
|
(Optional, string) A description of the job.
|
|
|
|
`dest`::
|
|
(Required, object) The destination configuration, consisting of `index` and
|
|
optionally `results_field` (`ml` by default).
|
|
|
|
`index`:::
|
|
(Required, string) Defines the _destination index_ to store the results of
|
|
the {dfanalytics-job}.
|
|
|
|
`results_field`:::
|
|
(Optional, string) Defines the name of the field in which to store the
|
|
results of the analysis. Default to `ml`.
|
|
|
|
`model_memory_limit`::
|
|
(Optional, string) The approximate maximum amount of memory resources that are
|
|
permitted for analytical processing. The default value for {dfanalytics-jobs}
|
|
is `1gb`. If your `elasticsearch.yml` file contains an
|
|
`xpack.ml.max_model_memory_limit` setting, an error occurs when you try to
|
|
create {dfanalytics-jobs} that have `model_memory_limit` values greater than
|
|
that setting. For more information, see <<ml-settings>>.
|
|
|
|
`source`::
|
|
(Required, object) The source configuration, consisting of `index` and
|
|
optionally a `query`.
|
|
|
|
`index`:::
|
|
(Required, string or array) Index or indices on which to perform the
|
|
analysis. It can be a single index or index pattern as well as an array of
|
|
indices or patterns.
|
|
|
|
`query`:::
|
|
(Optional, object) The {es} query domain-specific language
|
|
(<<query-dsl,DSL>>). This value corresponds to the query object in an {es}
|
|
search POST body. All the options that are supported by {es} can be used,
|
|
as this object is passed verbatim to {es}. By default, this property has
|
|
the following value: `{"match_all": {}}`.
|
|
|
|
|
|
[[ml-put-dfanalytics-example]]
|
|
==== {api-examples-title}
|
|
|
|
The following example creates the `loganalytics` {dfanalytics-job}, the analysis
|
|
type is `outlier_detection`:
|
|
|
|
[source,console]
|
|
--------------------------------------------------
|
|
PUT _ml/data_frame/analytics/loganalytics
|
|
{
|
|
"description": "Outlier detection on log data",
|
|
"source": {
|
|
"index": "logdata"
|
|
},
|
|
"dest": {
|
|
"index": "logdata_out"
|
|
},
|
|
"analysis": {
|
|
"outlier_detection": {
|
|
}
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// TEST[setup:setup_logdata]
|
|
|
|
|
|
The API returns the following result:
|
|
|
|
[source,console-result]
|
|
----
|
|
{
|
|
"id" : "loganalytics",
|
|
"description": "Outlier detection on log data",
|
|
"source" : {
|
|
"index" : [
|
|
"logdata"
|
|
],
|
|
"query" : {
|
|
"match_all" : { }
|
|
}
|
|
},
|
|
"dest" : {
|
|
"index" : "logdata_out",
|
|
"results_field" : "ml"
|
|
},
|
|
"analysis" : {
|
|
"outlier_detection" : { }
|
|
},
|
|
"model_memory_limit" : "1gb",
|
|
"create_time" : 1562351429434,
|
|
"version" : "7.3.0"
|
|
}
|
|
----
|
|
// TESTRESPONSE[s/1562351429434/$body.$_path/]
|
|
// TESTRESPONSE[s/"version" : "7.3.0"/"version" : $body.version/] |