Retrieves overall bucket results that summarize the bucket results of multiple anomaly detection jobs.
The overall_score is calculated by combining the scores of all the
buckets within the overall bucket span. First, the maximum
anomaly_score per anomaly detection job in the overall bucket is
calculated. Then the top_n of those scores are averaged to result in
the overall_score. This means that you can fine-tune the
overall_score so that it is more or less sensitive to the number of
jobs that detect an anomaly at the same time. For example, if you set
top_n to 1, the overall_score is the maximum bucket score in the
overall bucket. Alternatively, if you set top_n to the number of jobs,
the overall_score is high only when all jobs detect anomalies in that
overall bucket. If you set the bucket_span parameter (to a value
greater than its default), the overall_score is the maximum
overall_score of the overall buckets that have a span equal to the
jobs' largest bucket span.
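The two-step calculation described above, as an added example (not code from the Elasticsearch project or its documentation). The job names and scores are constructed, only the default overall bucket span is covered, and dividing by the number of available scores when fewer than top_n jobs report is an assumption.

```python
from collections import defaultdict

# Constructed sample: (job_id, bucket start in epoch ms, bucket span in s, anomaly_score)
BUCKETS = [
    ("job-auth", 0, 900, 12.0),
    ("job-auth", 900_000, 900, 91.0),
    ("job-auth", 1_800_000, 900, 3.0),
    ("job-dns", 0, 1800, 40.0),
    ("job-dns", 1_800_000, 1800, 5.0),
    ("job-proxy", 0, 3600, 70.0),
    # Second hour: only one job sees an anomaly.
    ("job-auth", 3_600_000, 900, 85.0),
    ("job-dns", 3_600_000, 1800, 0.0),
    ("job-proxy", 3_600_000, 3600, 2.0),
]

def overall_buckets(buckets, top_n=1, overall_score=0.0):
    """Return {overall_bucket_start_ms: score} for scores >= overall_score."""
    # Default overall bucket span: the largest bucket span among the jobs.
    span_ms = max(span for _, _, span, _ in buckets) * 1000
    # Step 1: maximum anomaly_score per job inside each overall bucket.
    per_job_max = defaultdict(dict)
    for job, ts, _, score in buckets:
        start = ts - ts % span_ms
        jobs = per_job_max[start]
        jobs[job] = max(jobs.get(job, 0.0), score)
    # Step 2: average the top_n of those per-job maxima
    # (assumption: divide by the number of scores actually available).
    result = {}
    for start, jobs in sorted(per_job_max.items()):
        top = sorted(jobs.values(), reverse=True)[:top_n]
        score = sum(top) / len(top)
        if score >= overall_score:
            result[start] = score
    return result

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, overall_buckets(BUCKETS, top_n=n))
    # With a threshold of 80, top_n=1 flags both hours; top_n=3 flags none.
    print(overall_buckets(BUCKETS, top_n=1, overall_score=80))
    print(overall_buckets(BUCKETS, top_n=3, overall_score=80))
```

With top_n set to the number of jobs, the second hour scores low even though one job reported 85, which is the sensitivity trade-off the paragraph describes.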
monitor_ml
Identifier for the anomaly detection job. It can be a job identifier, a group name, a comma-separated list of jobs or groups, or a wildcard expression.
You can summarize the bucket results for all anomaly detection jobs by
using _all or by specifying * as the <job_id>.
Specifies what to do when the request:
_all string or no identifiers and there are no matches.
If true, the request returns an empty jobs array when there are no
matches and the subset of results when there are partial matches. If this
parameter is false, the request returns a 404 status code when there
are no matches or only partial matches.
The span of the overall buckets. Must be greater than or equal to the largest bucket span of the specified anomaly detection jobs, which is the default value.
By default, an overall bucket has a span equal to the largest bucket span
of the specified anomaly detection jobs. To override that behavior, use
the optional bucket_span parameter.
Returns overall buckets with timestamps earlier than this time.
If true, the output excludes interim results.
Returns overall buckets with overall scores greater than or equal to this value.
Returns overall buckets with timestamps after this time.
The number of top anomaly detection job bucket scores to be used in the
overall_score calculation.
Refer to the description for the allow_no_match query parameter.
Default value is true.
Refer to the description for the bucket_span query parameter.
Refer to the description for the exclude_interim query parameter.
Default value is false.
Refer to the description for the overall_score query parameter.
Refer to the description for the top_n query parameter.
Default value is 1.

GET _ml/anomaly_detectors/job-*/results/overall_buckets
{
  "overall_score": 80,
  "start": "1403532000000"
}

resp = client.ml.get_overall_buckets(
    job_id="job-*",
    overall_score=80,
    start="1403532000000",
)

const response = await client.ml.getOverallBuckets({
  job_id: "job-*",
  overall_score: 80,
  start: 1403532000000,
});

response = client.ml.get_overall_buckets(
  job_id: "job-*",
  body: {
    "overall_score": 80,
    "start": "1403532000000"
  }
)

$resp = $client->ml()->getOverallBuckets([
    "job_id" => "job-*",
    "body" => [
        "overall_score" => 80,
        "start" => "1403532000000",
    ],
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"overall_score":80,"start":"1403532000000"}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/job-*/results/overall_buckets"