OpenSearch/docs/en/rest-api/ml/update-datafeed.asciidoc

//lcawley Verified example output 2017-04
[[ml-update-datafeed]]
==== Update Data Feeds
The update data feed API enables you to update certain properties of a data feed.
===== Request
`POST _xpack/ml/datafeeds/<feed_id>/_update`
//===== Description
===== Path Parameters
`feed_id` (required)::
(string) Identifier for the data feed
===== Request Body
The following properties can be updated after the data feed is created:
`aggregations`::
(object) If set, the data feed performs aggregation searches.
For more information, see <<ml-datafeed-resource>>.
`chunking_config`::
(object) The chunking configuration, which specifies how data searches are
chunked. See <<ml-datafeed-chunking-config>>.
`frequency`::
(time units) The interval at which scheduled queries are made while the data
feed runs in real time. The default value is either the bucket span for short
bucket spans, or, for longer bucket spans, a sensible fraction of the bucket
span. For example: "150s".
`indexes` (required)::
(array) An array of index names. For example: ["it_ops_metrics"].
`job_id`::
(string) A numerical character string that uniquely identifies the job.
`query`::
(object) The Elasticsearch query domain-specific language (DSL). This value
corresponds to the query object in an Elasticsearch search POST body. All the
options that are supported by Elasticsearch can be used, as this object is
passed verbatim to Elasticsearch. By default, this property has the following
value: `{"match_all": {"boost": 1}}`. If this property is not specified, the
default value is `"match_all": {}`.
`query_delay`::
(time units) The number of seconds behind real-time that data is queried. For
example, if data from 10:04 a.m. might not be searchable in Elasticsearch
until 10:06 a.m., set this property to 120 seconds. The default value is 60
seconds. For example: "60s".
`scroll_size`::
(unsigned integer) The `size` parameter that is used in Elasticsearch searches.
The default value is `1000`.
`types` (required)::
(array) A list of types to search for within the specified indices.
For example: ["network","sql","kpi"].
For more information about these properties,
see <<ml-datafeed-resource, Data Feed Resources>>.
===== Authorization
You must have `manage_ml` or `manage` cluster privileges to use this API.
For more information, see <<privileges-list-cluster>>.
===== Examples
The following example updates the data feed for the `it-ops-kpi` job:
[source,js]
--------------------------------------------------
POST _xpack/ml/datafeeds/datafeed-it-ops-kpi/_update
{
  "query_delay": "60s",
  "frequency": "150s",
  "aggregations": {
    "buckets": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": 30000,
        "offset": 0,
        "order": {
          "_key": "asc"
        },
        "keyed": false,
        "min_doc_count": 0
      },
      "aggregations": {
        "events_per_min": {
          "sum": {
            "field": "events_per_min"
          }
        },
        "@timestamp": {
          "max": {
            "field": "@timestamp"
          }
        }
      }
    }
  },
  "scroll_size": 1000,
  "chunking_config": {
    "mode": "manual",
    "time_span": "30000000ms"
  }
}
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]
When the data feed is updated, you receive the following results:
[source,js]
----
{
  "datafeed_id": "datafeed-it-ops-kpi",
  "job_id": "it-ops-kpi",
  "query_delay": "60s",
  "frequency": "150s",
  ...
  "aggregations": {
    "buckets": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": 30000,
        "offset": 0,
        "order": {
          "_key": "asc"
        },
        "keyed": false,
        "min_doc_count": 0
      },
      "aggregations": {
        "events_per_min": {
          "sum": {
            "field": "events_per_min"
          }
        },
        "@timestamp": {
          "max": {
            "field": "@timestamp"
          }
        }
      }
    }
  },
  "scroll_size": 1000,
  "chunking_config": {
    "mode": "manual",
    "time_span": "30000000ms"
  }
}
----
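Because the request body accepts only the properties listed above and `query` is passed verbatim to Elasticsearch, a caller that assembles updates from outside input can check the body and the `feed_id` before sending anything. The following is an added example, not part of the original documentation or the project's code; `build_datafeed_update`, `UPDATABLE` and the time-unit suffix set are assumptions made for illustration.

```python
import json
import re
from urllib.parse import quote

# Properties this page lists as updatable, mapped to the type it documents.
UPDATABLE = {
    "aggregations": dict, "chunking_config": dict, "query": dict,
    "indexes": list, "types": list,
    "job_id": str, "frequency": "time", "query_delay": "time",
    "scroll_size": "uint",
}
# Assumption: a time-unit value is digits plus a unit suffix, as in the
# page's "150s", "60s" and "30000000ms"; the suffix set here is illustrative.
TIME_UNITS = re.compile(r"\d+(ms|s|m|h|d)")


def _check(name, value):
    kind = UPDATABLE[name]
    if kind == "time":
        ok = isinstance(value, str) and TIME_UNITS.fullmatch(value) is not None
    elif kind == "uint":
        # bool is a subclass of int in Python, so exclude it explicitly.
        ok = isinstance(value, int) and not isinstance(value, bool) and value >= 0
    elif kind is list:
        ok = isinstance(value, list) and all(isinstance(v, str) and v for v in value)
    elif kind is str:
        ok = isinstance(value, str) and value != ""
    else:
        ok = isinstance(value, kind)
    if not ok:
        raise ValueError(f"invalid value for {name!r}: {value!r}")


def build_datafeed_update(feed_id, changes):
    """Return (method, path, json_body) for the update request, or raise ValueError."""
    if not isinstance(feed_id, str) or not feed_id:
        raise ValueError("feed_id is required")
    unknown = sorted(set(changes) - set(UPDATABLE))
    if unknown:
        raise ValueError(f"not updatable through this API: {unknown}")
    for name, value in changes.items():
        _check(name, value)
    # Percent-encode the identifier so it cannot add path segments or a query string.
    path = f"_xpack/ml/datafeeds/{quote(feed_id, safe='')}/_update"
    return "POST", path, json.dumps(changes, sort_keys=True)
```

The returned body still carries `query` and `aggregations` unchanged, so the account that sends it should hold no more than the `manage_ml` privilege named under Authorization.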