WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Get Bucketsedit
The get bucket API enables you to retrieve job results for one or more buckets.
Requestedit
GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets
GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>
Descriptionedit
This API presents a chronological view of the records, grouped by bucket.
Path Parametersedit
-
job_id
- (string) Identifier for the job
-
timestamp
- (string) The timestamp of a single bucket result. If you do not specify this optional parameter, the API returns information about all buckets.
Request Bodyedit
-
anomaly_score
- (double) Returns buckets with anomaly scores higher than this value.
-
end
- (string) Returns buckets with timestamps earlier than this time.
-
exclude_interim
- (boolean) If true, the output excludes interim results. By default, interim results are included.
-
expand
- (boolean) If true, the output includes anomaly records.
-
page
-
-
from
- (integer) Skips the specified number of buckets.
-
size
- (integer) Specifies the maximum number of buckets to obtain.
-
-
start
- (string) Returns buckets with timestamps after this time.
Authorizationedit
You must have monitor_ml
, monitor
, manage_ml
, or manage
cluster
privileges to use this API. You also need read
index privilege on the index
that stores the results. The machine_learning_admin
and machine_learning_user
roles provide these privileges. For more information, see
Security Privileges and Built-in Roles.
Examplesedit
The following example gets bucket information for the it-ops-kpi
job:
GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/buckets { "anomaly_score": 80, "start": "1454530200001" }
In this example, the API returns a single result that matches the specified score and time constraints:
{ "count": 1, "buckets": [ { "job_id": "it-ops-kpi", "timestamp": 1454943900000, "anomaly_score": 94.1706, "bucket_span": 300, "initial_anomaly_score": 94.1706, "record_count": 1, "event_count": 153, "is_interim": false, "bucket_influencers": [ { "job_id": "it-ops-kpi", "result_type": "bucket_influencer", "influencer_field_name": "bucket_time", "initial_anomaly_score": 94.1706, "anomaly_score": 94.1706, "raw_anomaly_score": 2.32119, "probability": 0.00000575042, "timestamp": 1454943900000, "bucket_span": 300, "sequence_num": 2, "is_interim": false } ], "processing_time_ms": 2, "partition_scores": [], "result_type": "bucket" } ] }