Create Jobs API

This API enables you to instantiate a job.


PUT _xpack/ml/anomaly_detectors/<job_id>

Path Parameters

job_id (required)
(string) Identifier for the job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.

Request Body

(object) The analysis configuration, which specifies how to analyze the data. See analysis configuration objects.
(object) Specifies runtime limits for the job. See analysis limits.
(time units) Advanced configuration option. The time between each periodic persistence of the model. See Job Resources.
(object) Advanced configuration option. Contains custom meta data about the job. See Job Resources.
data_description (required)
(object) Describes the format of the input data. This object is required, but it can be empty ({}). See data description objects.
(string) A description of the job.
(array of strings) A list of job groups. See Job Resources.
(object) Advanced configuration option. Specifies to store model information along with the results. This adds overhead to the performance of the system and is not feasible for jobs with many entities, see Model Plot Config.
(long) The time in days that model snapshots are retained for the job. Older snapshots are deleted. The default value is 1, which means snapshots are retained for one day (twenty-four hours).
(long) Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. See Job Resources.
(string) A text string that affects the name of the machine learning results index. The default value is shared, which generates an index named .ml-anomalies-shared.
(long) Advanced configuration option. The number of days for which job results are retained. See Job Resources.


You must have manage_ml, or manage cluster privileges to use this API. For more information, see Security Privileges.


The following example creates the total-requests job:

PUT _xpack/ml/anomaly_detectors/total-requests
  "description" : "Total sum of requests",
  "analysis_config" : {
    "detectors": [
        "detector_description": "Sum of total",
        "function": "sum",
        "field_name": "total"
  "data_description" : {
    "time_format": "epoch_ms"

When the job is created, you receive the following results:

  "job_id": "total-requests",
  "job_type": "anomaly_detector",
  "job_version": "6.2.2",
  "description": "Total sum of requests",
  "create_time": 1518550271488,
  "analysis_config": {
    "bucket_span": "10m",
    "detectors": [
        "detector_description": "Sum of total",
        "function": "sum",
        "field_name": "total",
        "rules": [],
        "detector_index": 0
    "influencers": []
  "analysis_limits": {
    "model_memory_limit": "1024mb"
  "data_description": {
    "time_field": "timestamp",
    "time_format": "epoch_ms"
  "model_snapshot_retention_days": 1,
  "results_index_name": "shared"