IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Get categories API
Retrieves anomaly detection job results for one or more categories.
Request
GET _ml/anomaly_detectors/<job_id>/results/categories
GET _ml/anomaly_detectors/<job_id>/results/categories/<category_id>
Prerequisites
- You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.
Description
For more information about categories, see Categorizing Log Messages.
Path parameters
- <job_id>
  (Required, string) Identifier for the anomaly detection job.
- <category_id>
  (Optional, long) Identifier for the category. If you do not specify this parameter, the API returns information about all categories in the anomaly detection job.
Request body
- page
  - from
    (integer) Skips the specified number of categories.
  - size
    (integer) Specifies the maximum number of categories to obtain.
Response body
The API returns the following information:
- categories
  (array) An array of category objects. For more information, see Categories.
Examples
The following example gets information about one category for the esxi_log job:
GET _ml/anomaly_detectors/esxi_log/results/categories
{
  "page": {
    "size": 1
  }
}
In this example, the API returns the following information:
{
  "count": 11,
  "categories": [
    {
      "job_id" : "esxi_log",
      "category_id" : 1,
      "terms" : "Vpxa verbose vpxavpxaInvtVm opID VpxaInvtVmChangeListener Guest DiskInfo Changed",
      "regex" : ".*?Vpxa.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*",
      "max_matching_length": 154,
      "examples" : [
        "Oct 19 17:04:44 esxi1.acme.com Vpxa: [3CB3FB90 verbose 'vpxavpxaInvtVm' opID=WFU-33d82c31] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:45 esxi2.acme.com Vpxa: [3CA66B90 verbose 'vpxavpxaInvtVm' opID=WFU-33927856] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:51 esxi1.acme.com Vpxa: [FFDBAB90 verbose 'vpxavpxaInvtVm' opID=WFU-25e0d447] [VpxaInvtVmChangeListener] Guest DiskInfo Changed",
        "Oct 19 17:04:58 esxi2.acme.com Vpxa: [FFDDBB90 verbose 'vpxavpxaInvtVm' opID=WFU-bbff0134] [VpxaInvtVmChangeListener] Guest DiskInfo Changed"
      ],
      "grok_pattern" : ".*?%{SYSLOGTIMESTAMP:timestamp}.+?Vpxa.+?%{BASE16NUM:field}.+?verbose.+?vpxavpxaInvtVm.+?opID.+?VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*"
    }
  ]
}
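The request above fetches a single page. As an added example (not part of the original documentation or any Elastic client library), the following Python sketch walks every category of a job by advancing page.from until the response's count is reached, then uses each category's regex to find log lines that match no known category. The names fake_fetch, iter_categories and categorize are hypothetical, categories 2 and 3 are constructed sample data, and the sketch assumes the returned regexes use only constructs that Python's re module accepts.

```python
import re
from typing import Callable, Iterator, List, Optional
from urllib.parse import quote

# Constructed data: category 1 reuses the regex from the sample response on
# this page; categories 2 and 3 are invented for the example.
SAMPLE_CATEGORIES = [
    {"job_id": "esxi_log", "category_id": 1,
     "regex": ".*?Vpxa.+?verbose.+?vpxavpxaInvtVm.+?opID.+?"
              "VpxaInvtVmChangeListener.+?Guest.+?DiskInfo.+?Changed.*"},
    {"job_id": "esxi_log", "category_id": 2,
     "regex": ".*?sshd.+?Accepted.+?password.+?for.*"},
    {"job_id": "esxi_log", "category_id": 3,
     "regex": ".*?sshd.+?Failed.+?password.+?for.*"},
]

def fake_fetch(path: str, body: dict) -> dict:
    """Hypothetical transport standing in for an authenticated HTTP client."""
    start, size = body["page"]["from"], body["page"]["size"]
    return {"count": len(SAMPLE_CATEGORIES),
            "categories": SAMPLE_CATEGORIES[start:start + size]}

def iter_categories(job_id: str, fetch: Callable[[str, dict], dict],
                    page_size: int = 2) -> Iterator[dict]:
    """Yield every category of a job, advancing page.from until count is reached."""
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    # Percent-encode the job id so it cannot alter the request path.
    path = f"_ml/anomaly_detectors/{quote(job_id, safe='')}/results/categories"
    offset = 0
    while True:
        resp = fetch(path, {"page": {"from": offset, "size": page_size}})
        batch = resp.get("categories", [])
        yield from batch
        offset += len(batch)
        # Stop on an empty page too, in case count changes between requests.
        if not batch or offset >= resp.get("count", 0):
            return

def categorize(line: str, categories: List[dict]) -> Optional[int]:
    """Return the category_id whose regex matches the whole line, else None."""
    for cat in categories:
        if re.fullmatch(cat["regex"], line, re.DOTALL):
            return cat["category_id"]
    return None
```

A line for which categorize returns None has a shape the job has not categorized, which makes it a candidate for manual review.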