From 1091285780b96832ebece8c6146559b0bfceb7f4 Mon Sep 17 00:00:00 2001 From: ashwinkumar12345 Date: Thu, 11 Nov 2021 13:59:50 -0800 Subject: [PATCH] Incorporated feedback Signed-off-by: ashwinkumar12345 --- _monitoring-plugins/ad/api.md | 34 +++++++++++++++++++++++++++------ _monitoring-plugins/ad/index.md | 8 ++++++-- 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/_monitoring-plugins/ad/api.md b/_monitoring-plugins/ad/api.md index af3b4946..e8a03522 100644 --- a/_monitoring-plugins/ad/api.md +++ b/_monitoring-plugins/ad/api.md 
@@ -1975,18 +1975,38 @@ Introduced 1.0 Returns all results for a search query. -Specify the `only_query_custom_result_index` parameter (default value is `false`) to search both the custom result index and default result index. To search only the custom result index, set this parameter to `true`: +You have the following search options: -```json -POST _plugins/_anomaly_detection/detectors/results/_search/?only_query_custom_result_index=true -``` +- To search only the default result index, simply use the search API: + + ```json + POST _plugins/_anomaly_detection/detectors/results/_search/ + ``` + +- To search both the custom result index and default result index, you can either add the custom result index to the search API: + + ```json + POST _plugins/_anomaly_detection/detectors/results/_search/ + ``` + + Or, add the custom result index and set the `only_query_custom_result_index` parameter to `false`: + + ```json + POST _plugins/_anomaly_detection/detectors/results/_search/?only_query_custom_result_index=false + ``` + +- To search only the custom result index, add the custom result index to the search API and set the `only_query_custom_result_index` parameter to `true`: + + ```json + POST _plugins/_anomaly_detection/detectors/results/_search/?only_query_custom_result_index=true + ``` The following example searches anomaly results for grade greater than 0 for real-time analysis: #### Request ```json -GET_plugins/_anomaly_detection/detectors/results/_search/opensearch-ad-plugin-result-test +GET _plugins/_anomaly_detection/detectors/results/_search/opensearch-ad-plugin-result-test POST _plugins/_anomaly_detection/detectors/results/_search/opensearch-ad-plugin-result-test { "query": { 
@@ -2918,7 +2938,9 @@ Introduced 1.1 Deletes the results of a detector based on a query. -This command doesn't delete any custom result indices. You need to manually delete any custom result indices that you don’t need anymore. +The delete detector results API only deletes anomaly result documents in the default result index. It doesn't support deleting anomaly result documents stored in any custom result indices. + +You need to manually delete anomaly result documents that you don't need from custom result indices. #### Request diff --git a/_monitoring-plugins/ad/index.md b/_monitoring-plugins/ad/index.md index cfb5cd4a..a29be684 100644 --- a/_monitoring-plugins/ad/index.md +++ b/_monitoring-plugins/ad/index.md 
@@ -44,7 +44,11 @@ A detector is an individual anomaly detection task. You can define multiple dete - This value tells the detector that the data is not ingested into OpenSearch in real time but with a certain delay. Set the window delay to shift the detector interval to account for this delay. - For example, say the detector interval is 10 minutes and data is ingested into your cluster with a general delay of 1 minute. Assume the detector runs at 2:00. The detector attempts to get the last 10 minutes of data from 1:50 to 2:00, but because of the 1-minute delay, it only gets 9 minutes of data and misses the data from 1:59 to 2:00. Setting the window delay to 1 minute shifts the interval window to 1:49 - 1:59, so the detector accounts for all 10 minutes of the detector interval time. 1. Specify custom result index. - - If you want to store the anomaly detection results in your own index, choose **Enable custom result index** and specify the custom index to store the result. + - If you want to store the anomaly detection results in your own index, choose **Enable custom result index** and specify the custom index to store the result. The anomaly detection plugin adds an `opensearch-ad-plugin-result-` prefix to the index name that you input. For example, if you input `abc` as the result index name, the final index name is `opensearch-ad-plugin-result-abc`. + + You can use the dash “-” sign to separate the namespace to manage custom result index permissions. For example, if you use `opensearch-ad-plugin-result-financial-us-group1` as the result index, you can create a permission role based on the pattern `opensearch-ad-plugin-result-financial-us-*` to represent the "financial" department at a granular level for the "us" area. + {: .note } + - If the custom index you specify doesn’t already exist, the anomaly detection plugin creates this index when you create the detector and start your real-time or historical analysis. 
- If the custom index already exists, the plugin checks if the index mapping of the custom index matches the anomaly result file. You need to make sure the custom index has valid mapping as shown here: [anomaly-results.json](https://github.com/opensearch-project/anomaly-detection/blob/main/src/main/resources/mappings/anomaly-results.json). - To use the custom result index option, you need the following permissions: @@ -54,7 +58,7 @@ A detector is an individual anomaly detection task. You can define multiple dete - `indices:data/write/bulk*` - You need the `bulk*` permission because the anomaly detection plugin uses the bulk API to write results into the custom index. - Managing the custom result index: - The anomaly detection dashboard queries all detectors’ results from all custom result indices. Having too many custom result indices might impact the performance of the anomaly detection plugin. - - We recommend you use [Index State Management]({{site.url}}{{site.baseurl}}/im-plugin/ism/index/) to rollover old result indices. You can also manually delete or archive any old result indices. + - You can use [Index State Management]({{site.url}}{{site.baseurl}}/im-plugin/ism/index/) to rollover old result indices. You can also manually delete or archive any old result indices. We recommend reusing a custom result index for multiple detectors. 1. Choose **Next**. After you define the detector, the next step is to configure the model.
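Review bot: In the api.md hunk at `@@ -1975`, the request under "To search only the default result index" and the first request under "To search both the custom result index and default result index" are the identical line `POST _plugins/_anomaly_detection/detectors/results/_search/`, and neither of the two `only_query_custom_result_index` examples has a custom index in the path even though the text says to add one. Put the index in the path for those three examples, as the example request further down does with `.../_search/opensearch-ad-plugin-result-test`, so a reader can tell which call reaches which index. The removed text stated that the parameter defaults to `false`; keep that statement explicit, since the new list only implies it.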
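Review bot: In the api.md hunk at `@@ -2918`, the added sentence "You need to manually delete anomaly result documents that you don't need from custom result indices" does not say how to do it, so result documents in custom indices are likely to stay behind after a detector's results are deleted from the default index. Name the API or link the page a reader should use for that cleanup. The removed text spoke of deleting custom result indices and the new text speaks of deleting documents; say whether removing the whole index is still an option.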
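Review bot: In the index.md hunk at `@@ -44`, the permissions example reads "if you use `opensearch-ad-plugin-result-financial-us-group1` as the result index" one sentence after stating that the plugin adds the `opensearch-ad-plugin-result-` prefix to the name that is entered, so it is unclear whether the reader types `financial-us-group1` or the full name. Give the value entered and the resulting index name separately, as the `abc` example does. Because the role pattern `opensearch-ad-plugin-result-financial-us-*` covers every index whose name starts with that string, the note should also say that the naming scheme has to be followed consistently for the pattern to stay scoped to one group. The note mixes curly quotes (“-”) with straight ones ("financial"), and `{: .note }` sits on an indented line after the paragraph; check that it renders as a note inside the list item.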
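Review bot: In the index.md hunk at `@@ -54`, the added sentence "We recommend reusing a custom result index for multiple detectors" is appended to the Index State Management bullet, but it belongs with the preceding bullet about too many custom result indices affecting performance. It also pulls against the per-group index naming introduced in the `@@ -44` hunk: detectors that write to one index share that index's permissions, so qualify the recommendation to detectors whose results the same roles are allowed to read. "rollover" is used as a verb in this line and should be "roll over".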