Path parameters

• job_id string Required

  Identifier for the anomaly detection job.

Query parameters

• anomaly_score number

  Returns buckets with anomaly scores greater or equal than this value.

• desc boolean

  If true, the buckets are sorted in descending order.

• end string | number

  Returns buckets with timestamps earlier than this time. -1 means it is unset and results are not limited to specific timestamps.

• exclude_interim boolean

  If true, the output excludes interim results.

• expand boolean

  If true, the output includes anomaly records.

• from number

  Skips the specified number of buckets.

• size number

  Specifies the maximum number of buckets to obtain.

• sort string

  Specifies the sort field for the requested buckets.

• start string | number

  Returns buckets with timestamps after this time. -1 means it is unset and results are not limited to specific timestamps.

Responses

• 200 application/json
  Hide response attributes Show response attributes object

  • buckets array[object] Required
    Hide buckets attributes Show buckets attributes object

    • anomaly_score number Required

      The maximum anomaly score, between 0-100, for any of the bucket influencers. This is an overall, rate-limited score for the job. All the anomaly records in the bucket contribute to this score. This value might be updated as new data is analyzed.

    • bucket_influencers array[object] Required
      Hide bucket_influencers attributes Show bucket_influencers attributes object

      • anomaly_score number Required

        A normalized score between 0-100, which is calculated for each bucket influencer. This score might be updated as newer data is analyzed.

      • bucket_span number

        Time unit for seconds

      • influencer_field_name string Required

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • initial_anomaly_score number Required

        The score between 0-100 for each bucket influencer. This score is the initial value that was calculated at the time the bucket was processed.

      • is_interim boolean Required

        If true, this is an interim result. In other words, the results are calculated based on partial input data.

      • job_id string Required
      • probability number Required

        The probability that the bucket has this behavior, in the range 0 to 1. This value can be held to a high precision of over 300 decimal places, so the anomaly_score is provided as a human-readable and friendly interpretation of this.

      • raw_anomaly_score number Required

        Internal.

      • result_type string Required

        Internal. This value is always set to bucket_influencer.

      • timestamp number

        Time unit for milliseconds

      • timestamp_string string
    • bucket_span number

      Time unit for seconds

    • event_count number Required

      The number of input data records processed in this bucket.

    • initial_anomaly_score number Required

      The maximum anomaly score for any of the bucket influencers. This is the initial value that was calculated at the time the bucket was processed.

    • is_interim boolean Required

      If true, this is an interim result. In other words, the results are calculated based on partial input data.

    • job_id string Required
    • processing_time_ms number

      Time unit for milliseconds

    • result_type string Required

      Internal. This value is always set to bucket.

    • timestamp number

      Time unit for milliseconds

    • timestamp_string string | number

      A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

      One of:

      DateTime string EpochTimeUnitMillis number

      Time unit for milliseconds

  • count number Required