diff --git a/_monitoring-plugins/ad/api.md b/_monitoring-plugins/ad/api.md
index 9abf4b0f..1abd8eb8 100644
--- a/_monitoring-plugins/ad/api.md
+++ b/_monitoring-plugins/ad/api.md
@@ -332,6 +332,97 @@ Options | Description | Type | Required
 ---
+## Validate detector
+Introduced 1.2
+{: .label .label-purple }
+
+Returns whether the detector configuration has any issues that might prevent OpenSearch from creating the detector.
+
+You can use the validate API to identify issues in your model configuration before creating the detector.
+
+The request body consists of the detector configuration and follows the same format as the request body of the create detector API:
+
+#### Request
+
+```json
+POST _plugins/_anomaly_detection/detectors/_validate
+POST _plugins/_anomaly_detection/detectors/_validate/detector
+{
+ "name": "test-detector",
+ "description": "Test detector",
+ "time_field": "timestamp",
+ "indices": [
+ "server_log*"
+ ],
+ "feature_attributes": [
+ {
+ "feature_name": "test",
+ "feature_enabled": true,
+ "aggregation_query": {
+ "test": {
+ "sum": {
+ "field": "value"
+ }
+ }
+ }
+ }
+ ],
+ "filter_query": {
+ "bool": {
+ "filter": [
+ {
+ "range": {
+ "value": {
+ "gt": 1
+ }
+ }
+ }
+ ],
+ "adjust_pure_negative": true,
+ "boost": 1
+ }
+ },
+ "detection_interval": {
+ "period": {
+ "interval": 1,
+ "unit": "Minutes"
+ }
+ },
+ "window_delay": {
+ "period": {
+ "interval": 1,
+ "unit": "Minutes"
+ }
+ }
+}
+```
+
+If the validate API doesn’t find any issue in the detector configuration, it returns an empty response:
+
+#### Sample response
+
+```json
+{}
+```
+
+If the validate API finds an issue, it returns a message explaining what's wrong with the configuration. In this example, the feature query is aggregating over a field that doesn’t exist in the data source:
+
+#### Sample response
+
+```json
+{
+ "detector": {
+ "feature_attributes": {
+ "message": "Feature has invalid query returning empty aggregated data: average_total_rev",
+ "sub_issues": {
+ "average_total_rev": "Feature has invalid query returning empty aggregated data"
+ }
+ }
+ }
+}
+```
+---
+
 ## Get detector
 Introduced 1.0
 {: .label .label-purple }
diff --git a/_monitoring-plugins/ad/index.md b/_monitoring-plugins/ad/index.md
index 88161545..afc6d0e7 100644
--- a/_monitoring-plugins/ad/index.md
+++ b/_monitoring-plugins/ad/index.md
@@ -110,7 +110,12 @@ We recommend experimenting with historical analysis with different feature sets
 ## Step 4: Review and create
-Review your model configuration and select **Create detector**.
+Review your detector settings and model configurations to make sure that they're valid and then proceed to select **Create detector**.
+
+![Anomaly detection results]({{site.url}}{{site.baseurl}}/images/review_ad.png)
+
+If you see any validation errors, edit the settings to fix the errors and then return back to this page.
+{: .note }
 ## Step 5: Observe the results
diff --git a/_security-plugin/access-control/permissions.md b/_security-plugin/access-control/permissions.md
index 19858bb5..869c2a15 100644
--- a/_security-plugin/access-control/permissions.md
+++ b/_security-plugin/access-control/permissions.md
@@ -80,8 +80,10 @@ These permissions are for the cluster and can't be applied granularly. For examp
 - cluster:admin/opendistro/ad/detector/search
 - cluster:admin/opendistro/ad/detector/stats
 - cluster:admin/opendistro/ad/detector/write
+- cluster:admin/opendistro/ad/detector/validate
 - cluster:admin/opendistro/ad/detectors/get
 - cluster:admin/opendistro/ad/result/search
+- cluster:admin/opendistro/ad/result/topAnomalies
 - cluster:admin/opendistro/ad/tasks/search
 - cluster:admin/opendistro/alerting/alerts/ack (acknowledge)
 - cluster:admin/opendistro/alerting/alerts/get
diff --git a/images/review_ad.png b/images/review_ad.png
new file mode 100644
index 00000000..2c387843
Binary files /dev/null and b/images/review_ad.png differ