Preview a datafeed

GET /_ml/datafeeds/{datafeed_id}/_preview

This API returns the first "page" of search results from a datafeed. You can preview an existing datafeed or provide configuration details for a datafeed and anomaly detection job in the API. The preview shows the structure of the data that will be passed to the anomaly detection engine. IMPORTANT: When Elasticsearch security features are enabled, the preview uses the credentials of the user that called the API. However, when the datafeed starts it uses the roles of the last user that created or updated the datafeed. To get a preview that accurately reflects the behavior of the datafeed, use the appropriate credentials. You can also use secondary authorization headers to supply the credentials.

Path parameters

  • datafeed_id string Required

    A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters. NOTE: If you use this path parameter, you cannot provide datafeed or anomaly detection job configuration details in the request body.

Query parameters

  • start string | number

    The start time from where the datafeed preview should begin

  • end string | number

    The end time when the datafeed preview should stop

application/json

Body

  • datafeed_config object
    Hide datafeed_config attributes Show datafeed_config attributes object
    • aggregations object

      If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.

    • chunking_config object
      Hide chunking_config attributes Show chunking_config attributes object
      • mode string Required

        Values are auto, manual, or off.

      • time_span string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • datafeed_id string
    • delayed_data_check_config object
      Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
      • check_window string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • enabled boolean Required

        Specifies whether the datafeed periodically checks for delayed data.

    • frequency string

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • indices string | array[string]
    • indices_options object
      Hide indices_options attributes Show indices_options attributes object
      • allow_no_indices boolean

        If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

      • expand_wildcards string | array[string]
      • ignore_unavailable boolean

        If true, missing or closed indices are not included in the response.

      • ignore_throttled boolean

        If true, concrete, expanded or aliased indices are ignored when frozen.

    • job_id string
    • max_empty_searches number

      If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after frequency times max_empty_searches of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.

    • query object
      Hide query attributes Show query attributes object
      • bool object
        Hide bool attributes Show bool attributes object
      • boosting object
        Hide boosting attributes Show boosting attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • negative_boost number Required

          Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the negative query.

        • negative object Required
        • positive object Required
      • common object Deprecated
      • combined_fields object
        Hide combined_fields attributes Show combined_fields attributes object
      • constant_score object
        Hide constant_score attributes Show constant_score attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • filter object Required
      • dis_max object
        Hide dis_max attributes Show dis_max attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • queries array[object] Required

          One or more query clauses. Returned documents must match one or more of these queries. If a document matches multiple queries, Elasticsearch uses the highest relevance score.

        • tie_breaker number

          Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.

      • distance_feature object

        One of:
        query_dsl:UntypedDistanceFeatureQuery object query_dsl:GeoDistanceFeatureQuery object query_dsl:DateDistanceFeatureQuery object
      • exists object
        Hide exists attributes Show exists attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • field string Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • function_score object
        Hide function_score attributes Show function_score attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • boost_mode string

          Values are multiply, replace, sum, avg, max, or min.

        • functions array[object]

          One or more functions that compute a new score for each document returned by the query.

        • max_boost number

          Restricts the new score to not exceed the provided limit.

        • min_score number

          Excludes documents that do not meet the provided score threshold.

        • query object
        • score_mode string

          Values are multiply, sum, avg, first, max, or min.

      • fuzzy object

        Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.

      • geo_bounding_box object
        Hide geo_bounding_box attributes Show geo_bounding_box attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • type string

          Values are memory or indexed.

        • validation_method string

          Values are coerce, ignore_malformed, or strict.

        • ignore_unmapped boolean

          Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

      • geo_distance object
        Hide geo_distance attributes Show geo_distance attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • distance string Required
        • distance_type string

          Values are arc or plane.

        • validation_method string

          Values are coerce, ignore_malformed, or strict.

        • ignore_unmapped boolean

          Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

      • geo_polygon object
        Hide geo_polygon attributes Show geo_polygon attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • validation_method string

          Values are coerce, ignore_malformed, or strict.

        • ignore_unmapped boolean
      • geo_shape object
        Hide geo_shape attributes Show geo_shape attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • ignore_unmapped boolean

          Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

      • has_child object
        Hide has_child attributes Show has_child attributes object
      • has_parent object
        Hide has_parent attributes Show has_parent attributes object
      • ids object
        Hide ids attributes Show ids attributes object
      • intervals object

        Returns documents based on the order and proximity of matching terms.

      • knn object
        Hide knn attributes Show knn attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • field string Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • query_vector array[number]
        • query_vector_builder object
          Hide query_vector_builder attribute Show query_vector_builder attribute object
        • num_candidates number

          The number of nearest neighbor candidates to consider per shard

        • k number

          The final number of nearest neighbors to return as top hits

        • filter object | array[object]

          Filters for the kNN search query

          One of:
          query_dsl:QueryContainer object array-2 array[object]
        • similarity number

          The minimum similarity for a vector to be considered a match

      • match object

        Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.

      • match_all object
        Hide match_all attributes Show match_all attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
      • match_bool_prefix object

        Analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query.

      • match_none object
        Hide match_none attributes Show match_none attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
      • match_phrase object

        Analyzes the text and creates a phrase query out of the analyzed text.

      • match_phrase_prefix object

        Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.

      • more_like_this object
        Hide more_like_this attributes Show more_like_this attributes object
      • multi_match object
        Hide multi_match attributes Show multi_match attributes object
      • nested object
        Hide nested attributes Show nested attributes object
      • parent_id object
        Hide parent_id attributes Show parent_id attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • id string
        • ignore_unmapped boolean

          Indicates whether to ignore an unmapped type and not return any documents instead of an error.

        • type string
      • percolate object
        Hide percolate attributes Show percolate attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • document object

          The source of the document being percolated.

        • documents array[object]

          An array of sources of the documents being percolated.

        • field string Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • id string
        • index string
        • name string

          The suffix used for the _percolator_document_slot field when multiple percolate queries are specified.

        • preference string

          Preference used to fetch document to percolate.

        • routing string
        • version number
      • pinned object
        Hide pinned attributes Show pinned attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • organic object Required
        • ids array[string]

          Document IDs listed in the order they are to appear in results. Required if docs is not specified.

        • docs array[object]

          Documents listed in the order they are to appear in results. Required if ids is not specified.

      • prefix object

        Returns documents that contain a specific prefix in a provided field.

      • query_string object
        Hide query_string attributes Show query_string attributes object
      • range object

        Returns documents that contain terms within a provided range.

      • rank_feature object
        Hide rank_feature attributes Show rank_feature attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • field string Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • saturation object
          Hide saturation attribute Show saturation attribute object
          • pivot number

            Configurable pivot value so that the result will be less than 0.5.

        • log object
          Hide log attribute Show log attribute object
        • linear object
        • sigmoid object
          Hide sigmoid attributes Show sigmoid attributes object
          • pivot number Required

            Configurable pivot value so that the result will be less than 0.5.

          • exponent number Required

            Configurable Exponent.

      • regexp object

        Returns documents that contain terms matching a regular expression.

      • rule object
        Hide rule attributes Show rule attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • organic object Required
        • ruleset_ids array[string] Required
        • match_criteria object Required
      • script object
        Hide script attributes Show script attributes object
      • script_score object
        Hide script_score attributes Show script_score attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • min_score number

          Documents with a score lower than this floating point number are excluded from the search results.

        • query object Required
        • script object Required
          Hide script attributes Show script attributes object
      • semantic object
        Hide semantic attributes Show semantic attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • field string Required

          The field to query, which must be a semantic_text field type

        • query string Required

          The query text

      • shape object
        Hide shape attributes Show shape attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • ignore_unmapped boolean

          When set to true the query ignores an unmapped field and will not match any documents.

      • simple_query_string object
        Hide simple_query_string attributes Show simple_query_string attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • analyzer string

          Analyzer used to convert text in the query string into tokens.

        • analyze_wildcard boolean

          If true, the query attempts to analyze wildcard terms in the query string.

        • auto_generate_synonyms_phrase_query boolean

          If true, the parser creates a match_phrase query for each multi-position token.

        • default_operator string

          Values are and, AND, or, or OR.

        • fields array[string]

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • flags string

          Query flags can be either a single flag or a combination of flags, e.g. OR|AND|PREFIX

          One of:
          query_dsl:SimpleQueryStringFlags string query_dsl:SimpleQueryStringFlags string

          Query flags can be either a single flag or a combination of flags, e.g. OR|AND|PREFIX

          Values are NONE, AND, NOT, OR, PREFIX, PHRASE, PRECEDENCE, ESCAPE, WHITESPACE, FUZZY, NEAR, SLOP, or ALL.

          Query flags can be either a single flag or a combination of flags, e.g. OR|AND|PREFIX

        • fuzzy_max_expansions number

          Maximum number of terms to which the query expands for fuzzy matching.

        • fuzzy_prefix_length number

          Number of beginning characters left unchanged for fuzzy matching.

        • fuzzy_transpositions boolean

          If true, edits for fuzzy matching include transpositions of two adjacent characters (for example, ab to ba).

        • lenient boolean

          If true, format-based errors, such as providing a text value for a numeric field, are ignored.

        • minimum_should_match number | string

          The minimum number of terms that should match as integer, percentage or range

          One of:
          _types:MinimumShouldMatch number _types:MinimumShouldMatch string
        • query string Required

          Query string in the simple query string syntax you wish to parse and use for search.

        • quote_field_suffix string

          Suffix appended to quoted text in the query string.

      • span_containing object
        Hide span_containing attributes Show span_containing attributes object
      • span_field_masking object
        Hide span_field_masking attributes Show span_field_masking attributes object
      • span_first object
        Hide span_first attributes Show span_first attributes object
      • span_multi object
        Hide span_multi attributes Show span_multi attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • match object Required
      • span_near object
        Hide span_near attributes Show span_near attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • clauses array[object] Required

          Array of one or more other span type queries.

          Hide clauses attributes Show clauses attributes object
        • in_order boolean

          Controls whether matches are required to be in-order.

        • slop number

          Controls the maximum number of intervening unmatched positions permitted.

      • span_not object
        Hide span_not attributes Show span_not attributes object
      • span_or object
        Hide span_or attributes Show span_or attributes object
      • span_term object

        Matches spans containing a term.

      • span_within object
        Hide span_within attributes Show span_within attributes object
      • sparse_vector object
        Hide sparse_vector attributes Show sparse_vector attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • field string Required

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • query string

          The query text you want to use for search. If inference_id is specified, query must also be specified.

        • prune boolean

          Whether to perform pruning, omitting the non-significant tokens from the query to improve query performance. If prune is true but the pruning_config is not specified, pruning will occur but default values will be used. Default: false

        • pruning_config object
          Hide pruning_config attributes Show pruning_config attributes object
          • tokens_freq_ratio_threshold number

            Tokens whose frequency is more than this threshold times the average frequency of all tokens in the specified field are considered outliers and pruned.

          • tokens_weight_threshold number

            Tokens whose weight is less than this threshold are considered nonsignificant and pruned.

          • only_score_pruned_tokens boolean

            Whether to only score pruned tokens, vs only scoring kept tokens.

        • query_vector object

          Dictionary of precomputed sparse vectors and their associated weights. Only one of inference_id or query_vector may be supplied in a request.

          Hide query_vector attributes Show query_vector attributes object
        • inference_id string
      • term object

        Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.

      • terms object
        Hide terms attributes Show terms attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
      • terms_set object

        Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.

      • text_expansion object Deprecated

        Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.

      • weighted_tokens object Deprecated

        Supports returning text_expansion query results by sending in precomputed tokens with the query.

      • wildcard object

        Returns documents that contain terms matching a wildcard pattern.

      • wrapper object
        Hide wrapper attributes Show wrapper attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • query string Required

          A base64 encoded query. The binary data format can be any of JSON, YAML, CBOR or SMILE encodings

      • type object
        Hide type attributes Show type attributes object
        • boost number

          Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

        • _name string
        • value string Required
    • query_delay string

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • runtime_mappings object
      Hide runtime_mappings attributes Show runtime_mappings attributes object
    • script_fields object
      Hide script_fields attributes Show script_fields attributes object
    • scroll_size number

      The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window, which is 10,000 by default.

  • job_config object
    Hide job_config attributes Show job_config attributes object
    • allow_lazy_open boolean

      Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node.

    • analysis_config object Required
      Hide analysis_config attributes Show analysis_config attributes object
      • bucket_span string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • categorization_analyzer string | object

        One of:
        _types:CategorizationAnalyzer string _types:CategorizationAnalyzerDefinition object
      • categorization_field_name string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • categorization_filters array[string]

        If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.

      • detectors array[object] Required

        Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.

        Hide detectors attributes Show detectors attributes object
        • by_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • custom_rules array[object]

          Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.

          Hide custom_rules attributes Show custom_rules attributes object
          • actions array[string]

            The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.

            Values are skip_result or skip_model_update.

          • conditions array[object]

            An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.

          • scope
        • detector_description string

          A description of the detector.

        • detector_index number

          A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero. If you specify a value for this property, it is ignored.

        • exclude_frequent string

          Values are all, none, by, or over.

        • field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • function string

          The analysis function that is used. For example, count, rare, mean, min, max, or sum.

        • over_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • partition_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • use_null boolean

          Defines whether a new series is used as the null series when there is no value for the by or partition fields.

      • influencers array[string]

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • latency string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • model_prune_window string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • multivariate_by_fields boolean

        This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the multivariate_by_fields property, you must also specify by_field_name in your detector.

      • per_partition_categorization object
        Hide per_partition_categorization attributes Show per_partition_categorization attributes object
        • enabled boolean

          To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.

        • stop_on_warn boolean

          This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.

      • summary_count_field_name string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • analysis_limits object
      Hide analysis_limits attributes Show analysis_limits attributes object
      • categorization_examples_limit number

        The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The categorization_examples_limit applies only to analysis that uses categorization.

      • model_memory_limit string

        The approximate maximum amount of memory resources that are required for analytical processing. Once this limit is approached, data pruning becomes more aggressive. Upon exceeding this limit, new entities are not modeled. If the xpack.ml.max_model_memory_limit setting has a value greater than 0 and less than 1024mb, that value is used instead of the default. The default value is relatively small to ensure that high resource usage is a conscious decision. If you have jobs that are expected to analyze high cardinality fields, you will likely need to use a higher value. If you specify a number instead of a string, the units are assumed to be MiB. Specifying a string is recommended for clarity. If you specify a byte size unit of b or kb and the number does not equate to a discrete number of megabytes, it is rounded down to the closest MiB. The minimum valid value is 1 MiB. If you specify a value less than 1 MiB, an error occurs. If you specify a value for the xpack.ml.max_model_memory_limit setting, an error occurs when you try to create jobs that have model_memory_limit values greater than that setting value.

    • background_persist_interval string

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • custom_settings object

      Custom metadata about the job

    • daily_model_snapshot_retention_after_days number

      Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job.

    • data_description object Required
      Hide data_description attributes Show data_description attributes object
      • format string

        Only JSON format is supported at this time.

      • time_field string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • time_format string

        The time format, which can be epoch, epoch_ms, or a custom pattern. The value epoch refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value epoch_ms indicates that time is measured in milliseconds since the epoch. The epoch and epoch_ms time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: yyyy-MM-dd'T'HH:mm:ssX. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.

      • field_delimiter string
    • datafeed_config object
      Hide datafeed_config attributes Show datafeed_config attributes object
      • aggregations object

        If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.

      • chunking_config object
        Hide chunking_config attributes Show chunking_config attributes object
        • mode string Required

          Values are auto, manual, or off.

        • time_span string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • datafeed_id string
      • delayed_data_check_config object
        Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
        • check_window string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

        • enabled boolean Required

          Specifies whether the datafeed periodically checks for delayed data.

      • frequency string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • indices string | array[string]
      • indices_options object
        Hide indices_options attributes Show indices_options attributes object
        • allow_no_indices boolean

          If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

        • expand_wildcards string | array[string]
        • ignore_unavailable boolean

          If true, missing or closed indices are not included in the response.

        • ignore_throttled boolean

          If true, concrete, expanded or aliased indices are ignored when frozen.

      • job_id string
      • max_empty_searches number

        If a real-time datafeed has never seen any data (including during any initial training period) then it will automatically stop itself and close its associated job after this many real-time searches that return no documents. In other words, it will stop after frequency times max_empty_searches of real-time operation. If not set then a datafeed with no end time that sees no data will remain started until it is explicitly stopped.

      • query object
        Hide query attributes Show query attributes object
        • bool object
          Hide bool attributes Show bool attributes object
        • boosting object
          Hide boosting attributes Show boosting attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • negative_boost number Required

            Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the negative query.

          • negative object Required
          • positive object Required
        • common object Deprecated
        • combined_fields object
          Hide combined_fields attributes Show combined_fields attributes object
        • constant_score object
          Hide constant_score attributes Show constant_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • filter object Required
        • dis_max object
          Hide dis_max attributes Show dis_max attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • queries array[object] Required

            One or more query clauses. Returned documents must match one or more of these queries. If a document matches multiple queries, Elasticsearch uses the highest relevance score.

          • tie_breaker number

            Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.

        • distance_feature object

          One of:
          query_dsl:UntypedDistanceFeatureQuery object query_dsl:GeoDistanceFeatureQuery object query_dsl:DateDistanceFeatureQuery object
        • exists object
          Hide exists attributes Show exists attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • function_score object
          Hide function_score attributes Show function_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • boost_mode string

            Values are multiply, replace, sum, avg, max, or min.

          • functions array[object]

            One or more functions that compute a new score for each document returned by the query.

          • max_boost number

            Restricts the new score to not exceed the provided limit.

          • min_score number

            Excludes documents that do not meet the provided score threshold.

          • query object
          • score_mode string

            Values are multiply, sum, avg, first, max, or min.

        • fuzzy object

          Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.

        • geo_bounding_box object
          Hide geo_bounding_box attributes Show geo_bounding_box attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • type string

            Values are memory or indexed.

          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • geo_distance object
          Hide geo_distance attributes Show geo_distance attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • distance string Required
          • distance_type string

            Values are arc or plane.

          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • geo_polygon object
          Hide geo_polygon attributes Show geo_polygon attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean
        • geo_shape object
          Hide geo_shape attributes Show geo_shape attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • has_child object
          Hide has_child attributes Show has_child attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            Indicates whether to ignore an unmapped type and not return any documents instead of an error.

          • inner_hits object
            Hide inner_hits attributes Show inner_hits attributes object
          • max_children number

            Maximum number of child documents that match the query allowed for a returned parent document. If the parent document exceeds this limit, it is excluded from the search results.

          • min_children number

            Minimum number of child documents that match the query required to match the query for a returned parent document. If the parent document does not meet this limit, it is excluded from the search results.

          • query object Required
          • score_mode string

            Values are none, avg, sum, max, or min.

          • type string Required
        • has_parent object
          Hide has_parent attributes Show has_parent attributes object
        • ids object
          Hide ids attributes Show ids attributes object
        • intervals object

          Returns documents based on the order and proximity of matching terms.

        • knn object
          Hide knn attributes Show knn attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • query_vector array[number]
          • query_vector_builder object
            Hide query_vector_builder attribute Show query_vector_builder attribute object
          • num_candidates number

            The number of nearest neighbor candidates to consider per shard

          • k number

            The final number of nearest neighbors to return as top hits

          • filter object | array[object]

            Filters for the kNN search query

            One of:
            query_dsl:QueryContainer object array-2 array[object]
          • similarity number

            The minimum similarity for a vector to be considered a match

        • match object

          Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.

        • match_all object
          Hide match_all attributes Show match_all attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • match_bool_prefix object

          Analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query.

        • match_none object
          Hide match_none attributes Show match_none attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • match_phrase object

          Analyzes the text and creates a phrase query out of the analyzed text.

        • match_phrase_prefix object

          Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.

        • more_like_this object
          Hide more_like_this attributes Show more_like_this attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • analyzer string

            The analyzer that is used to analyze the free form text. Defaults to the analyzer associated with the first field in fields.

          • boost_terms number

            Each term in the formed query could be further boosted by their tf-idf score. This sets the boost factor to use when using this feature. Defaults to deactivated (0).

          • fail_on_unsupported_field boolean

            Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (text or keyword).

          • fields array[string]

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • include boolean

            Specifies whether the input documents should also be included in the search results returned.

          • like array[string | object] Required
          • max_doc_freq number

            The maximum document frequency above which the terms are ignored from the input document.

          • max_query_terms number

            The maximum number of query terms that can be selected.

          • max_word_length number

            The maximum word length above which the terms are ignored. Defaults to unbounded (0).

          • min_doc_freq number

            The minimum document frequency below which the terms are ignored from the input document.

          • minimum_should_match number | string

            The minimum number of terms that should match as integer, percentage or range

            One of:
            _types:MinimumShouldMatch number _types:MinimumShouldMatch string
          • min_term_freq number

            The minimum term frequency below which the terms are ignored from the input document.

          • min_word_length number

            The minimum word length below which the terms are ignored.

          • routing string

          • stop_words string | array[string]

            Language value, such as arabic or thai. Defaults to english. Each language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words. Also accepts an array of stop words.

            One of:
            analysis:StopWords string analysis:StopWords array[string]
          • unlike array[string | object]
          • version number
          • version_type string

            Values are internal, external, external_gte, or force.

        • multi_match object
          Hide multi_match attributes Show multi_match attributes object
        • nested object
          Hide nested attributes Show nested attributes object
        • parent_id object
          Hide parent_id attributes Show parent_id attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • id string
          • ignore_unmapped boolean

            Indicates whether to ignore an unmapped type and not return any documents instead of an error.

          • type string
        • percolate object
          Hide percolate attributes Show percolate attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • document object

            The source of the document being percolated.

          • documents array[object]

            An array of sources of the documents being percolated.

          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • id string
          • index string
          • name string

            The suffix used for the _percolator_document_slot field when multiple percolate queries are specified.

          • preference string

            Preference used to fetch document to percolate.

          • routing string
          • version number
        • pinned object
          Hide pinned attributes Show pinned attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • organic object Required
          • ids array[string]

            Document IDs listed in the order they are to appear in results. Required if docs is not specified.

          • docs array[object]

            Documents listed in the order they are to appear in results. Required if ids is not specified.

        • prefix object

          Returns documents that contain a specific prefix in a provided field.

        • query_string object
          Hide query_string attributes Show query_string attributes object
        • range object

          Returns documents that contain terms within a provided range.

        • rank_feature object
          Hide rank_feature attributes Show rank_feature attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • saturation object
          • log object
          • linear object
          • sigmoid object
        • regexp object

          Returns documents that contain terms matching a regular expression.

        • rule object
          Hide rule attributes Show rule attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • organic object Required
          • ruleset_ids array[string] Required
          • match_criteria object Required
        • script object
          Hide script attributes Show script attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • script object Required
            Hide script attributes Show script attributes object
            • source string

              The script source.

            • id string
            • params object

              Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            • lang
            • options object
        • script_score object
          Hide script_score attributes Show script_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • min_score number

            Documents with a score lower than this floating point number are excluded from the search results.

          • query object Required
          • script object Required
            Hide script attributes Show script attributes object
            • source string

              The script source.

            • id string
            • params object

              Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            • lang
            • options object
        • semantic object
          Hide semantic attributes Show semantic attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            The field to query, which must be a semantic_text field type

          • query string Required

            The query text

        • shape object
          Hide shape attributes Show shape attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            When set to true the query ignores an unmapped field and will not match any documents.

        • simple_query_string object
          Hide simple_query_string attributes Show simple_query_string attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • analyzer string

            Analyzer used to convert text in the query string into tokens.

          • analyze_wildcard boolean

            If true, the query attempts to analyze wildcard terms in the query string.

          • auto_generate_synonyms_phrase_query boolean

            If true, the parser creates a match_phrase query for each multi-position token.

          • default_operator string

            Values are and, AND, or, or OR.

          • fields array[string]

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • flags
          • fuzzy_max_expansions number

            Maximum number of terms to which the query expands for fuzzy matching.

          • fuzzy_prefix_length number

            Number of beginning characters left unchanged for fuzzy matching.

          • fuzzy_transpositions boolean

            If true, edits for fuzzy matching include transpositions of two adjacent characters (for example, ab to ba).

          • lenient boolean

            If true, format-based errors, such as providing a text value for a numeric field, are ignored.

          • minimum_should_match number | string

            The minimum number of terms that should match as integer, percentage or range

            One of:
            _types:MinimumShouldMatch number _types:MinimumShouldMatch string
          • query string Required

            Query string in the simple query string syntax you wish to parse and use for search.

          • quote_field_suffix string

            Suffix appended to quoted text in the query string.

        • span_containing object
          Hide span_containing attributes Show span_containing attributes object
        • span_field_masking object
          Hide span_field_masking attributes Show span_field_masking attributes object
        • span_first object
          Hide span_first attributes Show span_first attributes object
        • span_multi object
          Hide span_multi attributes Show span_multi attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • match object Required
        • span_near object
          Hide span_near attributes Show span_near attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • clauses array[object] Required

            Array of one or more other span type queries.

          • in_order boolean

            Controls whether matches are required to be in-order.

          • slop number

            Controls the maximum number of intervening unmatched positions permitted.

        • span_not object
          Hide span_not attributes Show span_not attributes object
        • span_or object
          Hide span_or attributes Show span_or attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • clauses array[object] Required

            Array of one or more other span type queries.

        • span_term object

          Matches spans containing a term.

        • span_within object
          Hide span_within attributes Show span_within attributes object
        • sparse_vector object
          Hide sparse_vector attributes Show sparse_vector attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • query string

            The query text you want to use for search. If inference_id is specified, query must also be specified.

          • prune boolean

            Whether to perform pruning, omitting the non-significant tokens from the query to improve query performance. If prune is true but the pruning_config is not specified, pruning will occur but default values will be used. Default: false

          • pruning_config object
          • query_vector object

            Dictionary of precomputed sparse vectors and their associated weights. Only one of inference_id or query_vector may be supplied in a request.

          • inference_id string
        • term object

          Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.

        • terms object
          Hide terms attributes Show terms attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • terms_set object

          Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.

        • text_expansion object Deprecated

          Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.

        • weighted_tokens object Deprecated

          Supports returning text_expansion query results by sending in precomputed tokens with the query.

        • wildcard object

          Returns documents that contain terms matching a wildcard pattern.

        • wrapper object
          Hide wrapper attributes Show wrapper attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • query string Required

            A base64 encoded query. The binary data format can be any of JSON, YAML, CBOR or SMILE encodings

        • type object
          Hide type attributes Show type attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • value string Required
      • query_delay string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • runtime_mappings object
        Hide runtime_mappings attributes Show runtime_mappings attributes object
      • script_fields object
        Hide script_fields attributes Show script_fields attributes object
      • scroll_size number

        The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window, which is 10,000 by default.

    • description string

      A description of the job.

    • groups array[string]

      A list of job groups. A job can belong to no groups or many.

    • job_id string
    • job_type string

      Reserved for future use, currently set to anomaly_detector.

    • model_plot_config object
      Hide model_plot_config attributes Show model_plot_config attributes object
      • annotations_enabled boolean

        If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.

      • enabled boolean

        If true, enables calculation and storage of the model bounds for each entity that is being analyzed.

      • terms string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • model_snapshot_retention_days number

      Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job. The default value is 10, which means snapshots ten days older than the newest snapshot are deleted.

    • renormalization_window_days number

      Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen. The default value is the longer of 30 days or 100 bucket_spans.

    • results_index_name string
    • results_retention_days number

      Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained. Annotations generated by the system also count as results for retention purposes; they are deleted after the same number of days as results. Annotations added by users are retained forever.

Responses

GET /_ml/datafeeds/{datafeed_id}/_preview 
curl \
 -X GET http://api.example.com/_ml/datafeeds/{datafeed_id}/_preview \
 -H "Content-Type: application/json" \
 -d '{"datafeed_config":{"aggregations":{},"chunking_config":{"mode":"auto","time_span":"string"},"datafeed_id":"string","delayed_data_check_config":{"check_window":"string","enabled":true},"frequency":"string","indices":"string","indices_options":{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"ignore_throttled":true},"job_id":"string","max_empty_searches":42.0,"query":{"":{"boost":42.0,"_name":"string","value":"string"},"common":{},"fuzzy":{},"intervals":{},"match":{},"match_bool_prefix":{},"match_phrase":{},"match_phrase_prefix":{},"prefix":{},"range":{},"regexp":{},"span_term":{},"term":{},"terms_set":{},"text_expansion":{},"weighted_tokens":{},"wildcard":{}},"query_delay":"string","":{"fields":{"type":"boolean"},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"key":{}},"":"painless","options":{"key":"string"}},"type":"boolean"},"script_fields":{"script":{"source":"string","id":"string","params":{"key":{}},"":"painless","options":{"key":"string"}},"ignore_failure":true},"scroll_size":42.0},"job_config":{"allow_lazy_open":true,"analysis_config":{"bucket_span":"string","":"string","categorization_field_name":"string","categorization_filters":["string"],"detectors":[{"by_field_name":"string","custom_rules":[{"actions":["skip_result"],"conditions":[{}]}],"detector_description":"string","detector_index":42.0,"exclude_frequent":"all","field_name":"string","function":"string","over_field_name":"string","partition_field_name":"string","use_null":true}],"influencers":["string"],"latency":"string","model_prune_window":"string","multivariate_by_fields":true,"per_partition_categorization":{"enabled":true,"stop_on_warn":true},"summary_count_field_name":"string"},"analysis_limits":{"categorization_examples_limit":42.0,"model_memory_limit":"string"},"background_persist_interval":"string","custom_settings":{},"daily_model_snapshot_retention_after_days":42.0,"data_description":{"format":"string","time_field":"string","time_format":"string","field_delimiter":"string"},"datafeed_config":{"aggregations":{},"chunking_config":{"mode":"auto","time_span":"string"},"datafeed_id":"string","delayed_data_check_config":{"check_window":"string","enabled":true},"frequency":"string","indices":"string","indices_options":{"allow_no_indices":true,"expand_wildcards":"string","ignore_unavailable":true,"ignore_throttled":true},"job_id":"string","max_empty_searches":42.0,"query":{"":{"boost":42.0,"_name":"string","value":"string"},"common":{},"fuzzy":{},"intervals":{},"match":{},"match_bool_prefix":{},"match_phrase":{},"match_phrase_prefix":{},"prefix":{},"range":{},"regexp":{},"span_term":{},"term":{},"terms_set":{},"text_expansion":{},"weighted_tokens":{},"wildcard":{}},"query_delay":"string","":{"fields":{"type":"boolean"},"fetch_fields":[{"field":"string","format":"string"}],"format":"string","input_field":"string","target_field":"string","target_index":"string","script":{"source":"string","id":"string","params":{"key":{}},"":"painless","options":{"key":"string"}},"type":"boolean"},"script_fields":{"script":{"source":"string","id":"string","params":{"key":{}},"":"painless","options":{"key":"string"}},"ignore_failure":true},"scroll_size":42.0},"description":"string","groups":["string"],"job_id":"string","job_type":"string","model_plot_config":{"annotations_enabled":true,"enabled":true,"terms":"string"},"model_snapshot_retention_days":42.0,"renormalization_window_days":42.0,"results_index_name":"string","results_retention_days":42.0}}'