IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get Categories APIedit
Retrieves job results for one or more categories.
Requestedit
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>
Descriptionedit
For more information about categories, see Categorizing log messages.
Path Parametersedit
-
job_id
- (string) Identifier for the job.
-
category_id
- (long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.
Request Bodyedit
-
page
-
-
from
- (integer) Skips the specified number of categories.
-
size
- (integer) Specifies the maximum number of categories to obtain.
-
Resultsedit
The API returns the following information:
-
categories
- (array) An array of category objects. For more information, see Categories.
Authorizationedit
You must have monitor_ml
, monitor
, manage_ml
, or manage
cluster
privileges to use this API. You also need read
index privilege on the index
that stores the results. The machine_learning_admin
and machine_learning_user
roles provide these privileges. For more information, see
Security privileges and
Built-in roles.
Examplesedit
The following example gets information about one category for the
esxi_log
job:
GET _xpack/ml/anomaly_detectors/esxi_log/results/categories { "page":{ "size": 1 } }
In this example, the API returns the following information:
{ "count": 11, "categories": [ { "job_id" : "esxi_log", "category_id" : 1, "terms" : "Vpxa verbose vpxavpxaInvtVm opID VpxaInvtVmChangeListener Guest DiskInfo Changed", "regex" : ".*?Vpxa.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*", "max_matching_length": 154, "examples" : [ "Oct 19 17:04:44 esxi1.acme.com Vpxa: [3CB3FB90 verbose 'vpxavpxaInvtVm' opID=WFU-33d82c31] [VpxaInvtVmChangeListener] Guest DiskInfo Changed", "Oct 19 17:04:45 esxi2.acme.com Vpxa: [3CA66B90 verbose 'vpxavpxaInvtVm' opID=WFU-33927856] [VpxaInvtVmChangeListener] Guest DiskInfo Changed", "Oct 19 17:04:51 esxi1.acme.com Vpxa: [FFDBAB90 verbose 'vpxavpxaInvtVm' opID=WFU-25e0d447] [VpxaInvtVmChangeListener] Guest DiskInfo Changed", "Oct 19 17:04:58 esxi2.acme.com Vpxa: [FFDDBB90 verbose 'vpxavpxaInvtVm' opID=WFU-bbff0134] [VpxaInvtVmChangeListener] Guest DiskInfo Changed" ], "grok_pattern" : ".*?%{SYSLOGTIMESTAMP:timestamp}.+?Vpxa.+?%{BASE16NUM:field}.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*" } ] }