Updates certain properties of an anomaly detection job. ##Required authorization
- Cluster privileges:
manage_ml
Body
Required
-
Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. If
falseand a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-widexpack.ml.max_lazy_ml_nodessetting. If this option is set totrue, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available. -
Hide analysis_limits attribute Show analysis_limits attribute object
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
Advanced configuration option. Contains custom meta data about the job. For example, it can contain custom URL information as shown in Adding custom URLs to machine learning results.
-
A description of the job.
-
Hide model_plot_config attributes Show model_plot_config attributes object
-
If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.
-
If true, enables calculation and storage of the model bounds for each entity that is being analyzed.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to
model_snapshot_retention_days. For jobs created before version 7.8.0, the default value matchesmodel_snapshot_retention_days. -
Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job.
-
Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen.
-
Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained.
-
A list of job groups. A job can belong to no groups or many.
-
An array of detector update objects.
Hide detectors attributes Show detectors attributes object
-
A unique identifier for the detector. This identifier is based on the order of the detectors in the
analysis_config, starting at zero. -
A description of the detector.
-
An array of custom rule objects, which enable you to customize the way detectors operate. For example, a rule may dictate to the detector conditions under which results should be skipped. Kibana refers to custom rules as job rules.
Hide custom_rules attributes Show custom_rules attributes object
-
The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.
Values are
skip_resultorskip_model_update. -
An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.
-
A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in
by_field_name,over_field_name, orpartition_field_name.
-
-
-
Hide per_partition_categorization attributes Show per_partition_categorization attributes object
-
To enable this setting, you must also set the
partition_field_nameproperty to the same value in every detector that uses the keywordmlcategory. Otherwise, job creation fails. -
This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.
-
Responses
-
Hide response attributes Show response attributes object
-
Hide analysis_config attributes Show analysis_config attributes object
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. categorization_analyzer
string | object One of: Hide attributes Show attributes
-
One or more character filters. In addition to the built-in character filters, other plugins can provide more character filters. If this property is not specified, no character filters are applied prior to categorization. If you are customizing some other aspect of the analyzer and you need to achieve the equivalent of
categorization_filters(which are not permitted when some other aspect of the analyzer is customized), add them here as pattern replace character filters. -
One or more token filters. In addition to the built-in token filters, other plugins can provide more token filters. If this property is not specified, no token filters are applied prior to categorization.
-
External documentation
-
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
If
categorization_field_nameis specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. -
An array of detector configuration objects. Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job.
Hide detectors attributes Show detectors attributes object
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
An array of custom rule objects, which enable you to customize the way detectors operate. For example, a rule may dictate to the detector conditions under which results should be skipped. Kibana refers to custom rules as job rules.
Hide custom_rules attributes Show custom_rules attributes object
-
The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.
Values are
skip_resultorskip_model_update. -
An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.
-
A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in
by_field_name,over_field_name, orpartition_field_name.
-
-
A description of the detector.
-
A unique identifier for the detector. This identifier is based on the order of the detectors in the
analysis_config, starting at zero. -
Values are
all,none,by, orover. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The analysis function that is used. For example,
count,rare,mean,min,max, andsum. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Defines whether a new series is used as the null series when there is no value for the by or partition fields.
-
-
A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to
true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. -
Hide per_partition_categorization attributes Show per_partition_categorization attributes object
-
To enable this setting, you must also set the
partition_field_nameproperty to the same value in every detector that uses the keywordmlcategory. Otherwise, job creation fails. -
This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.
-
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
Hide analysis_limits attributes Show analysis_limits attributes object
-
The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The
categorization_examples_limitapplies only to analysis that uses categorization.
-
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
Time unit for milliseconds
-
Time unit for milliseconds
-
Hide data_description attributes Show data_description attributes object
-
Only JSON format is supported at this time.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The time format, which can be
epoch,epoch_ms, or a custom pattern. The valueepochrefers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The valueepoch_msindicates that time is measured in milliseconds since the epoch. Theepochandepoch_mstime formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example:yyyy-MM-dd'T'HH:mm:ssX. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.
-
-
Hide datafeed_config attributes Show datafeed_config attributes object
-
Hide authorization attributes Show authorization attributes object
-
If a user ID was used for the most recent update to the datafeed, its roles at the time of the update are listed in the response.
-
If a service account was used for the most recent update to the datafeed, the account name is listed in the response.
-
Hide chunking_config attributes Show chunking_config attributes object
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
External documentation Hide query attributes Show query attributes object
-
Hide bool attributes Show bool attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
-
Hide boosting attributes Show boosting attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the
negativequery. -
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
-
Hide combined_fields attributes Show combined_fields attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
List of fields to search. Field wildcard patterns are allowed. Only
textfields are supported, and they must all have the same searchanalyzer. -
Text to search for in the provided
fields. Thecombined_fieldsquery analyzes the provided text before performing a search. -
If true, match phrase queries are automatically created for multi-term synonyms.
-
Values are
ororand. -
Values are
noneorall.
-
-
Hide constant_score attributes Show constant_score attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
-
Hide dis_max attributes Show dis_max attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
One or more query clauses. Returned documents must match one or more of these queries. If a document matches multiple queries, Elasticsearch uses the highest relevance score.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.
-
-
Hide exists attributes Show exists attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
Hide function_score attributes Show function_score attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Values are
multiply,replace,sum,avg,max, ormin. -
One or more functions that compute a new score for each document returned by the query.
-
Restricts the new score to not exceed the provided limit.
-
Excludes documents that do not meet the provided score threshold.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Values are
multiply,sum,avg,first,max, ormin.
-
-
Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.
External documentation -
Hide geo_bounding_box attributes Show geo_bounding_box attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Values are
memoryorindexed. -
Values are
coerce,ignore_malformed, orstrict. -
Set to
trueto ignore an unmapped field and not match any documents for this query. Set tofalseto throw an exception if the field is not mapped.
-
-
Hide geo_distance attributes Show geo_distance attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Values are
arcorplane. -
Values are
coerce,ignore_malformed, orstrict. -
Set to
trueto ignore an unmapped field and not match any documents for this query. Set tofalseto throw an exception if the field is not mapped.
-
-
Matches
geo_pointandgeo_shapevalues that intersect a grid cell from a GeoGrid aggregation. -
Hide geo_polygon attributes Show geo_polygon attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Values are
coerce,ignore_malformed, orstrict.
-
-
Hide geo_shape attributes Show geo_shape attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Set to
trueto ignore an unmapped field and not match any documents for this query. Set tofalseto throw an exception if the field is not mapped.
-
-
Hide has_child attributes Show has_child attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Indicates whether to ignore an unmapped
typeand not return any documents instead of an error. -
Hide inner_hits attributes Show inner_hits attributes object
-
The maximum number of hits to return per
inner_hits. -
Inner hit starting document offset.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Maximum number of child documents that match the query allowed for a returned parent document. If the parent document exceeds this limit, it is excluded from the search results.
-
Minimum number of child documents that match the query required to match the query for a returned parent document. If the parent document does not meet this limit, it is excluded from the search results.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Values are
none,avg,sum,max, ormin.
-
-
Hide has_parent attributes Show has_parent attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Indicates whether to ignore an unmapped
parent_typeand not return any documents instead of an error. You can use this parameter to query multiple indices that may not contain theparent_type. -
Hide inner_hits attributes Show inner_hits attributes object
-
The maximum number of hits to return per
inner_hits. -
Inner hit starting document offset.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Indicates whether the relevance score of a matching parent document is aggregated into its child documents.
-
-
Hide ids attributes Show ids attributes object
-
Returns documents based on the order and proximity of matching terms.
External documentation -
Hide knn attributes Show knn attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The number of nearest neighbor candidates to consider per shard
-
The final number of nearest neighbors to return as top hits
-
The minimum similarity for a vector to be considered a match
-
-
Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.
External documentation -
Hide match_all attributes Show match_all attributes object
-
Analyzes its input and constructs a
boolquery from the terms. Each term except the last is used in atermquery. The last term is used in a prefix query.External documentation -
Hide match_none attributes Show match_none attributes object
-
Analyzes the text and creates a phrase query out of the analyzed text.
External documentation -
Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.
External documentation -
Hide more_like_this attributes Show more_like_this attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
The analyzer that is used to analyze the free form text. Defaults to the analyzer associated with the first field in fields.
External documentation -
Each term in the formed query could be further boosted by their tf-idf score. This sets the boost factor to use when using this feature. Defaults to deactivated (0).
-
Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (
textorkeyword). -
A list of fields to fetch and analyze the text from. Defaults to the
index.query.default_fieldindex setting, which has a default value of*. -
Specifies whether the input documents should also be included in the search results returned.
-
The maximum document frequency above which the terms are ignored from the input document.
-
The maximum number of query terms that can be selected.
-
The maximum word length above which the terms are ignored. Defaults to unbounded (
0). -
The minimum document frequency below which the terms are ignored from the input document.
-
The minimum term frequency below which the terms are ignored from the input document.
-
The minimum word length below which the terms are ignored.
stop_words
string | array[string] Language value, such as arabic or thai. Defaults to english. Each language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words. Also accepts an array of stop words.
One of: Values are
_arabic_,_armenian_,_basque_,_bengali_,_brazilian_,_bulgarian_,_catalan_,_cjk_,_czech_,_danish_,_dutch_,_english_,_estonian_,_finnish_,_french_,_galician_,_german_,_greek_,_hindi_,_hungarian_,_indonesian_,_irish_,_italian_,_latvian_,_lithuanian_,_norwegian_,_persian_,_portuguese_,_romanian_,_russian_,_serbian_,_sorani_,_spanish_,_swedish_,_thai_,_turkish_, or_none_.-
Values are
internal,external,external_gte, orforce.
-
-
Hide multi_match attributes Show multi_match attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Analyzer used to convert the text in the query value into tokens.
-
If
true, match phrase queries are automatically created for multi-term synonyms. -
If
true, edits for fuzzy matching include transpositions of two adjacent characters (for example,abtoba). Can be applied to the term subqueries constructed for all terms but the final term. -
If
true, format-based errors, such as providing a text query value for a numeric field, are ignored. -
Maximum number of terms to which the query will expand.
-
Values are
and,AND,or, orOR. -
Number of beginning characters left unchanged for fuzzy matching.
-
Text, number, boolean value or date you wish to find in the provided field.
-
Maximum number of positions allowed between matching tokens.
-
Determines how scores for each per-term blended query and scores across groups are combined.
-
Values are
best_fields,most_fields,cross_fields,phrase,phrase_prefix, orbool_prefix. -
Values are
allornone.
-
-
Hide nested attributes Show nested attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Indicates whether to ignore an unmapped path and not return any documents instead of an error.
-
Hide inner_hits attributes Show inner_hits attributes object
-
The maximum number of hits to return per
inner_hits. -
Inner hit starting document offset.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Values are
none,avg,sum,max, ormin.
-
-
Hide parent_id attributes Show parent_id attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Indicates whether to ignore an unmapped
typeand not return any documents instead of an error.
-
-
Hide percolate attributes Show percolate attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
The source of the document being percolated.
-
An array of sources of the documents being percolated.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The suffix used for the
_percolator_document_slotfield when multiplepercolatequeries are specified. -
Preference used to fetch document to percolate.
-
-
Hide pinned attributes Show pinned attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
Document IDs listed in the order they are to appear in results. Required if
docsis not specified. -
Documents listed in the order they are to appear in results. Required if
idsis not specified.
-
-
Returns documents that contain a specific prefix in a provided field.
External documentation -
Hide query_string attributes Show query_string attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
If
true, the wildcard characters*and?are allowed as the first character of the query string. -
Analyzer used to convert text in the query string into tokens.
-
If
true, the query attempts to analyze wildcard terms in the query string. -
If
true, match phrase queries are automatically created for multi-term synonyms. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Values are
and,AND,or, orOR. -
If
true, enable position increments in queries constructed from aquery_stringsearch. -
Array of fields to search. Supports wildcards (
*). -
Maximum number of terms to which the query expands for fuzzy matching.
-
Number of beginning characters left unchanged for fuzzy matching.
-
If
true, edits for fuzzy matching include transpositions of two adjacent characters (for example,abtoba). -
If
true, format-based errors, such as providing a text value for a numeric field, are ignored. -
Maximum number of automaton states required for the query.
-
Maximum number of positions allowed between matching tokens for phrases.
-
Query string you wish to parse and use for search.
-
Analyzer used to convert quoted text in the query string into tokens. For quoted text, this parameter overrides the analyzer specified in the
analyzerparameter. -
Suffix appended to quoted text in the query string. You can use this suffix to use a different analysis method for exact matches.
-
How to combine the queries generated from the individual search terms in the resulting
dis_maxquery. -
Values are
best_fields,most_fields,cross_fields,phrase,phrase_prefix, orbool_prefix.
-
-
Returns documents that contain terms within a provided range.
External documentation -
Hide rank_feature attributes Show rank_feature attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
Returns documents that contain terms matching a regular expression.
External documentation -
Hide rule attributes Show rule attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
-
Hide script attributes Show script attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
-
Hide script_score attributes Show script_score attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Documents with a score lower than this floating point number are excluded from the search results.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
-
Hide semantic attributes Show semantic attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
The field to query, which must be a semantic_text field type
-
The query text
-
-
Hide shape attributes Show shape attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
When set to
truethe query ignores an unmapped field and will not match any documents.
-
-
Hide simple_query_string attributes Show simple_query_string attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Analyzer used to convert text in the query string into tokens.
-
If
true, the query attempts to analyze wildcard terms in the query string. -
If
true, the parser creates a match_phrase query for each multi-position token. -
Values are
and,AND,or, orOR. -
Array of fields you wish to search. Accepts wildcard expressions. You also can boost relevance scores for matches to particular fields using a caret (
^) notation. Defaults to theindex.query.default_field indexsetting, which has a default value of*. -
Maximum number of terms to which the query expands for fuzzy matching.
-
Number of beginning characters left unchanged for fuzzy matching.
-
If
true, edits for fuzzy matching include transpositions of two adjacent characters (for example,abtoba). -
If
true, format-based errors, such as providing a text value for a numeric field, are ignored. -
Query string in the simple query string syntax you wish to parse and use for search.
-
Suffix appended to quoted text in the query string.
-
-
Hide span_containing attributes Show span_containing attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
-
Hide span_field_masking attributes Show span_field_masking attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
-
Hide span_first attributes Show span_first attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Controls the maximum end position permitted in a match.
-
-
Hide span_multi attributes Show span_multi attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
An Elasticsearch Query DSL (Domain Specific Language) object that defines a query.
-
-
Hide span_near attributes Show span_near attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Array of one or more other span type queries.
-
Controls whether matches are required to be in-order.
-
Controls the maximum number of intervening unmatched positions permitted.
-
-
Hide span_not attributes Show span_not attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
The number of tokens from within the include span that can’t have overlap with the exclude span. Equivalent to setting both
preandpost. -
The number of tokens after the include span that can’t have overlap with the exclude span.
-
The number of tokens before the include span that can’t have overlap with the exclude span.
-
-
Hide span_or attributes Show span_or attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Array of one or more other span type queries.
-
-
Matches spans containing a term.
External documentation -
Hide span_within attributes Show span_within attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
-
Hide sparse_vector attributes Show sparse_vector attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
The query text you want to use for search. If inference_id is specified, query must also be specified.
-
Whether to perform pruning, omitting the non-significant tokens from the query to improve query performance. If prune is true but the pruning_config is not specified, pruning will occur but default values will be used. Default: false
-
Dictionary of precomputed sparse vectors and their associated weights. Only one of inference_id or query_vector may be supplied in a request.
-
-
Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.
External documentation -
Hide terms attributes Show terms attributes object
-
Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.
External documentation -
Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.
External documentation -
Supports returning text_expansion query results by sending in precomputed tokens with the query.
External documentation -
Returns documents that contain terms matching a wildcard pattern.
External documentation -
Hide wrapper attributes Show wrapper attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
A base64 encoded query. The binary data format can be any of JSON, YAML, CBOR or SMILE encodings
-
-
Hide type attributes Show type attributes object
-
Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.
-
-
-
A duration. Units can be
nanos,micros,ms(milliseconds),s(seconds),m(minutes),h(hours) andd(days). Also accepts "0" without a unit and "-1" to indicate an unspecified value. -
Hide script_fields attribute Show script_fields attribute object
-
Hide * attributes Show * attributes object
-
-
Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
-
Hide runtime_mappings attribute Show runtime_mappings attribute object
-
Hide * attributes Show * attributes object
-
For type
composite -
For type
lookup -
A custom format for
datetype runtime fields. -
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
Hide script attributes Show script attributes object
-
Values are
boolean,composite,date,double,geo_point,geo_shape,ip,keyword,long, orlookup.
-
-
-
Hide indices_options attributes Show indices_options attributes object
-
If false, the request returns an error if any wildcard expression, index alias, or
_allvalue targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targetingfoo*,bar*returns an error if an index starts withfoobut no index starts withbar. -
If true, missing or closed indices are not included in the response.
-
If true, concrete, expanded or aliased indices are ignored when frozen.
-
-
Hide model_plot_config attributes Show model_plot_config attributes object
-
If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.
-
If true, enables calculation and storage of the model bounds for each entity that is being analyzed.
-
Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.
-
POST _ml/anomaly_detectors/low_request_rate/_update
{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}curl \
--request POST 'http://api.example.com/_ml/anomaly_detectors/{job_id}/_update' \
--header "Content-Type: application/json" \
--data '"{\n \"description\":\"An updated job\",\n \"detectors\": {\n \"detector_index\": 0,\n \"description\": \"An updated detector description\"\n },\n \"groups\": [\"kibana_sample_data\",\"kibana_sample_web_logs\"],\n \"model_plot_config\": {\n \"enabled\": true\n },\n \"renormalization_window_days\": 30,\n \"background_persist_interval\": \"2h\",\n \"model_snapshot_retention_days\": 7,\n \"results_retention_days\": 60\n}"'{
"description":"An updated job",
"detectors": {
"detector_index": 0,
"description": "An updated detector description"
},
"groups": ["kibana_sample_data","kibana_sample_web_logs"],
"model_plot_config": {
"enabled": true
},
"renormalization_window_days": 30,
"background_persist_interval": "2h",
"model_snapshot_retention_days": 7,
"results_retention_days": 60
}