Update an anomaly detection job

POST /_ml/anomaly_detectors/{job_id}/_update

Updates certain properties of an anomaly detection job.

Path parameters

  • job_id string Required

    Identifier for the job.

application/json

Body Required

  • allow_lazy_open boolean

    Advanced configuration option. Specifies whether this job can open when there is insufficient machine learning node capacity for it to be immediately assigned to a node. If false and a machine learning node with capacity to run the job cannot immediately be found, the open anomaly detection jobs API returns an error. However, this is also subject to the cluster-wide xpack.ml.max_lazy_ml_nodes setting. If this option is set to true, the open anomaly detection jobs API does not return an error and the job waits in the opening state until sufficient machine learning node capacity is available.

  • analysis_limits object
    Hide analysis_limits attribute Show analysis_limits attribute object
    • model_memory_limit string Required

      Limits can be applied for the resources required to hold the mathematical models in memory. These limits are approximate and can be set per job. They do not control the memory used by other processes, for example the Elasticsearch Java processes.

  • background_persist_interval string

    A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

  • custom_settings object

    Advanced configuration option. Contains custom meta data about the job. For example, it can contain custom URL information as shown in Adding custom URLs to machine learning results.

    Hide custom_settings attributes Show custom_settings attributes object
  • categorization_filters array[string]
  • description string

    A description of the job.

  • model_plot_config object
    Hide model_plot_config attributes Show model_plot_config attributes object
    • annotations_enabled boolean

      If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.

    • enabled boolean

      If true, enables calculation and storage of the model bounds for each entity that is being analyzed.

    • terms string

      Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • model_prune_window string

    A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

  • daily_model_snapshot_retention_after_days number

    Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies a period of time (in days) after which only the first snapshot per day is retained. This period is relative to the timestamp of the most recent snapshot for this job. Valid values range from 0 to model_snapshot_retention_days. For jobs created before version 7.8.0, the default value matches model_snapshot_retention_days.

  • model_snapshot_retention_days number

    Advanced configuration option, which affects the automatic removal of old model snapshots for this job. It specifies the maximum period of time (in days) that snapshots are retained. This period is relative to the timestamp of the most recent snapshot for this job.

  • renormalization_window_days number

    Advanced configuration option. The period over which adjustments to the score are applied, as new data is seen.

  • results_retention_days number

    Advanced configuration option. The period of time (in days) that results are retained. Age is calculated relative to the timestamp of the latest bucket result. If this property has a non-null value, once per day at 00:30 (server time), results that are the specified number of days older than the latest bucket result are deleted from Elasticsearch. The default value is null, which means all results are retained.

  • groups array[string]

    A list of job groups. A job can belong to no groups or many.

  • detectors array[object]

    An array of detector update objects.

    Hide detectors attributes Show detectors attributes object
    • by_field_name string

      Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • custom_rules array[object]

      Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.

      Hide custom_rules attributes Show custom_rules attributes object
      • actions array[string]

        The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.

        Values are skip_result or skip_model_update.

      • conditions array[object]

        An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.

        Hide conditions attributes Show conditions attributes object
        • applies_to string Required

          Values are actual, typical, diff_from_typical, or time.

        • operator string Required

          Values are gt, gte, lt, or lte.

        • value number Required

          The value that is compared against the applies_to field using the operator.

      • scope object
        Hide scope attributes Show scope attributes object
    • detector_description string

      A description of the detector.

    • detector_index number

      A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero. If you specify a value for this property, it is ignored.

    • exclude_frequent string

      Values are all, none, by, or over.

    • field_name string

      Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • function string

      The analysis function that is used. For example, count, rare, mean, min, max, or sum.

    • over_field_name string

      Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • partition_field_name string

      Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • use_null boolean

      Defines whether a new series is used as the null series when there is no value for the by or partition fields.

  • per_partition_categorization object
    Hide per_partition_categorization attributes Show per_partition_categorization attributes object
    • enabled boolean

      To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.

    • stop_on_warn boolean

      This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • allow_lazy_open boolean Required
    • analysis_config object Required
      Hide analysis_config attributes Show analysis_config attributes object
      • bucket_span string Required

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • categorization_analyzer string | object

        One of:
        _types:CategorizationAnalyzer string _types:CategorizationAnalyzerDefinition object
      • categorization_field_name string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • categorization_filters array[string]

        If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values.

      • detectors array[object] Required

        An array of detector configuration objects. Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job.

        Hide detectors attributes Show detectors attributes object
        • by_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • custom_rules array[object]

          An array of custom rule objects, which enable you to customize the way detectors operate. For example, a rule may dictate to the detector conditions under which results should be skipped. Kibana refers to custom rules as job rules.

          Hide custom_rules attributes Show custom_rules attributes object
          • actions array[string]

            The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.

            Values are skip_result or skip_model_update.

          • conditions array[object]

            An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.

          • scope
        • detector_description string

          A description of the detector.

        • detector_index number

          A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero.

        • exclude_frequent string

          Values are all, none, by, or over.

        • field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • function string Required

          The analysis function that is used. For example, count, rare, mean, min, max, and sum.

        • over_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • partition_field_name string

          Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • use_null boolean

          Defines whether a new series is used as the null series when there is no value for the by or partition fields.

      • influencers array[string] Required

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • model_prune_window string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • latency string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • multivariate_by_fields boolean

        This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold.

      • per_partition_categorization object
        Hide per_partition_categorization attributes Show per_partition_categorization attributes object
        • enabled boolean

          To enable this setting, you must also set the partition_field_name property to the same value in every detector that uses the keyword mlcategory. Otherwise, job creation fails.

        • stop_on_warn boolean

          This setting can be set to true only if per-partition categorization is enabled. If true, both categorization and subsequent anomaly detection stops for partitions where the categorization status changes to warn. This setting makes it viable to have a job where it is expected that categorization works well for some partitions but not others; you do not pay the cost of bad categorization forever in the partitions where it works badly.

      • summary_count_field_name string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • analysis_limits object Required
      Hide analysis_limits attributes Show analysis_limits attributes object
      • categorization_examples_limit number

        The maximum number of examples stored per category in memory and in the results data store. If you increase this value, more examples are available, however it requires that you have more storage available. If you set this value to 0, no examples are stored. NOTE: The categorization_examples_limit applies only to analysis that uses categorization.

      • model_memory_limit string

        The approximate maximum amount of memory resources that are required for analytical processing. Once this limit is approached, data pruning becomes more aggressive. Upon exceeding this limit, new entities are not modeled. If the xpack.ml.max_model_memory_limit setting has a value greater than 0 and less than 1024mb, that value is used instead of the default. The default value is relatively small to ensure that high resource usage is a conscious decision. If you have jobs that are expected to analyze high cardinality fields, you will likely need to use a higher value. If you specify a number instead of a string, the units are assumed to be MiB. Specifying a string is recommended for clarity. If you specify a byte size unit of b or kb and the number does not equate to a discrete number of megabytes, it is rounded down to the closest MiB. The minimum valid value is 1 MiB. If you specify a value less than 1 MiB, an error occurs. If you specify a value for the xpack.ml.max_model_memory_limit setting, an error occurs when you try to create jobs that have model_memory_limit values greater than that setting value.

    • background_persist_interval string

      A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

    • create_time number

      Time unit for milliseconds

    • finished_time number

      Time unit for milliseconds

    • custom_settings object
      Hide custom_settings attributes Show custom_settings attributes object
    • daily_model_snapshot_retention_after_days number Required
    • data_description object Required
      Hide data_description attributes Show data_description attributes object
      • format string

        Only JSON format is supported at this time.

      • time_field string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

      • time_format string

        The time format, which can be epoch, epoch_ms, or a custom pattern. The value epoch refers to UNIX or Epoch time (the number of seconds since 1 Jan 1970). The value epoch_ms indicates that time is measured in milliseconds since the epoch. The epoch and epoch_ms time formats accept either integer or real values. Custom patterns must conform to the Java DateTimeFormatter class. When you use date-time formatting patterns, it is recommended that you provide the full date, time and time zone. For example: yyyy-MM-dd'T'HH:mm:ssX. If the pattern that you specify is not sufficient to produce a complete timestamp, job creation fails.

      • field_delimiter string
    • datafeed_config object
      Hide datafeed_config attributes Show datafeed_config attributes object
      • aggregations object
      • authorization object
        Hide authorization attributes Show authorization attributes object
        • api_key object
          Hide api_key attributes Show api_key attributes object
          • id string Required

            The identifier for the API key.

          • name string Required

            The name of the API key.

        • roles array[string]

          If a user ID was used for the most recent update to the datafeed, its roles at the time of the update are listed in the response.

        • service_account string

          If a service account was used for the most recent update to the datafeed, the account name is listed in the response.

      • chunking_config object
        Hide chunking_config attributes Show chunking_config attributes object
        • mode string Required

          Values are auto, manual, or off.

        • time_span string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • datafeed_id string Required
      • frequency string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • indices array[string] Required
      • indexes array[string]
      • job_id string Required
      • max_empty_searches number
      • query object Required
        Hide query attributes Show query attributes object
        • bool object
          Hide bool attributes Show bool attributes object
        • boosting object
          Hide boosting attributes Show boosting attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • negative_boost number Required

            Floating point number between 0 and 1.0 used to decrease the relevance scores of documents matching the negative query.

          • negative object Required
          • positive object Required
        • common object Deprecated
        • combined_fields object
          Hide combined_fields attributes Show combined_fields attributes object
        • constant_score object
          Hide constant_score attributes Show constant_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • filter object Required
        • dis_max object
          Hide dis_max attributes Show dis_max attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • queries array[object] Required

            One or more query clauses. Returned documents must match one or more of these queries. If a document matches multiple queries, Elasticsearch uses the highest relevance score.

          • tie_breaker number

            Floating point number between 0 and 1.0 used to increase the relevance scores of documents matching multiple query clauses.

        • distance_feature object

          One of:
          query_dsl:UntypedDistanceFeatureQuery object query_dsl:GeoDistanceFeatureQuery object query_dsl:DateDistanceFeatureQuery object
        • exists object
          Hide exists attributes Show exists attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

        • function_score object
          Hide function_score attributes Show function_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • boost_mode string

            Values are multiply, replace, sum, avg, max, or min.

          • functions array[object]

            One or more functions that compute a new score for each document returned by the query.

          • max_boost number

            Restricts the new score to not exceed the provided limit.

          • min_score number

            Excludes documents that do not meet the provided score threshold.

          • query object
          • score_mode string

            Values are multiply, sum, avg, first, max, or min.

        • fuzzy object

          Returns documents that contain terms similar to the search term, as measured by a Levenshtein edit distance.

        • geo_bounding_box object
          Hide geo_bounding_box attributes Show geo_bounding_box attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • type string

            Values are memory or indexed.

          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • geo_distance object
          Hide geo_distance attributes Show geo_distance attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • distance string Required
          • distance_type string

            Values are arc or plane.

          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • geo_polygon object
          Hide geo_polygon attributes Show geo_polygon attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • validation_method string

            Values are coerce, ignore_malformed, or strict.

          • ignore_unmapped boolean
        • geo_shape object
          Hide geo_shape attributes Show geo_shape attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            Set to true to ignore an unmapped field and not match any documents for this query. Set to false to throw an exception if the field is not mapped.

        • has_child object
          Hide has_child attributes Show has_child attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            Indicates whether to ignore an unmapped type and not return any documents instead of an error.

          • inner_hits object
            Hide inner_hits attributes Show inner_hits attributes object
          • max_children number

            Maximum number of child documents that match the query allowed for a returned parent document. If the parent document exceeds this limit, it is excluded from the search results.

          • min_children number

            Minimum number of child documents that match the query required to match the query for a returned parent document. If the parent document does not meet this limit, it is excluded from the search results.

          • query object Required
          • score_mode string

            Values are none, avg, sum, max, or min.

          • type string Required
        • has_parent object
          Hide has_parent attributes Show has_parent attributes object
        • ids object
          Hide ids attributes Show ids attributes object
        • intervals object

          Returns documents based on the order and proximity of matching terms.

        • knn object
          Hide knn attributes Show knn attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • query_vector array[number]
          • query_vector_builder object
            Hide query_vector_builder attribute Show query_vector_builder attribute object
          • num_candidates number

            The number of nearest neighbor candidates to consider per shard

          • k number

            The final number of nearest neighbors to return as top hits

          • filter object | array[object]

            Filters for the kNN search query

            One of:
            query_dsl:QueryContainer object array-2 array[object]
          • similarity number

            The minimum similarity for a vector to be considered a match

        • match object

          Returns documents that match a provided text, number, date or boolean value. The provided text is analyzed before matching.

        • match_all object
          Hide match_all attributes Show match_all attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • match_bool_prefix object

          Analyzes its input and constructs a bool query from the terms. Each term except the last is used in a term query. The last term is used in a prefix query.

        • match_none object
          Hide match_none attributes Show match_none attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • match_phrase object

          Analyzes the text and creates a phrase query out of the analyzed text.

        • match_phrase_prefix object

          Returns documents that contain the words of a provided text, in the same order as provided. The last term of the provided text is treated as a prefix, matching any words that begin with that term.

        • more_like_this object
          Hide more_like_this attributes Show more_like_this attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • analyzer string

            The analyzer that is used to analyze the free form text. Defaults to the analyzer associated with the first field in fields.

          • boost_terms number

            Each term in the formed query could be further boosted by their tf-idf score. This sets the boost factor to use when using this feature. Defaults to deactivated (0).

          • fail_on_unsupported_field boolean

            Controls whether the query should fail (throw an exception) if any of the specified fields are not of the supported types (text or keyword).

          • fields array[string]

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • include boolean

            Specifies whether the input documents should also be included in the search results returned.

          • like array[string | object] Required
          • max_doc_freq number

            The maximum document frequency above which the terms are ignored from the input document.

          • max_query_terms number

            The maximum number of query terms that can be selected.

          • max_word_length number

            The maximum word length above which the terms are ignored. Defaults to unbounded (0).

          • min_doc_freq number

            The minimum document frequency below which the terms are ignored from the input document.

          • minimum_should_match number | string

            The minimum number of terms that should match as integer, percentage or range

            One of:
            _types:MinimumShouldMatch number _types:MinimumShouldMatch string
          • min_term_freq number

            The minimum term frequency below which the terms are ignored from the input document.

          • min_word_length number

            The minimum word length below which the terms are ignored.

          • routing string

          • stop_words string | array[string]

            Language value, such as arabic or thai. Defaults to english. Each language value corresponds to a predefined list of stop words in Lucene. See Stop words by language for supported language values and their stop words. Also accepts an array of stop words.

            One of:
            analysis:StopWords string analysis:StopWords array[string]
          • unlike array[string | object]
          • version number
          • version_type string

            Values are internal, external, external_gte, or force.

        • multi_match object
          Hide multi_match attributes Show multi_match attributes object
        • nested object
          Hide nested attributes Show nested attributes object
        • parent_id object
          Hide parent_id attributes Show parent_id attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • id string
          • ignore_unmapped boolean

            Indicates whether to ignore an unmapped type and not return any documents instead of an error.

          • type string
        • percolate object
          Hide percolate attributes Show percolate attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • document object

            The source of the document being percolated.

          • documents array[object]

            An array of sources of the documents being percolated.

          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • id string
          • index string
          • name string

            The suffix used for the _percolator_document_slot field when multiple percolate queries are specified.

          • preference string

            Preference used to fetch document to percolate.

          • routing string
          • version number
        • pinned object
          Hide pinned attributes Show pinned attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • organic object Required
          • ids array[string]

            Document IDs listed in the order they are to appear in results. Required if docs is not specified.

          • docs array[object]

            Documents listed in the order they are to appear in results. Required if ids is not specified.

        • prefix object

          Returns documents that contain a specific prefix in a provided field.

        • query_string object
          Hide query_string attributes Show query_string attributes object
        • range object

          Returns documents that contain terms within a provided range.

        • rank_feature object
          Hide rank_feature attributes Show rank_feature attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • saturation object
          • log object
          • linear object
          • sigmoid object
        • regexp object

          Returns documents that contain terms matching a regular expression.

        • rule object
          Hide rule attributes Show rule attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • organic object Required
          • ruleset_ids array[string] Required
          • match_criteria object Required
        • script object
          Hide script attributes Show script attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • script object Required
            Hide script attributes Show script attributes object
            • source string

              The script source.

            • id string
            • params object

              Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            • lang
            • options object
        • script_score object
          Hide script_score attributes Show script_score attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • min_score number

            Documents with a score lower than this floating point number are excluded from the search results.

          • query object Required
          • script object Required
            Hide script attributes Show script attributes object
            • source string

              The script source.

            • id string
            • params object

              Specifies any named parameters that are passed into the script as variables. Use parameters instead of hard-coded values to decrease compile time.

            • lang
            • options object
        • semantic object
          Hide semantic attributes Show semantic attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            The field to query, which must be a semantic_text field type

          • query string Required

            The query text

        • shape object
          Hide shape attributes Show shape attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • ignore_unmapped boolean

            When set to true the query ignores an unmapped field and will not match any documents.

        • simple_query_string object
          Hide simple_query_string attributes Show simple_query_string attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • analyzer string

            Analyzer used to convert text in the query string into tokens.

          • analyze_wildcard boolean

            If true, the query attempts to analyze wildcard terms in the query string.

          • auto_generate_synonyms_phrase_query boolean

            If true, the parser creates a match_phrase query for each multi-position token.

          • default_operator string

            Values are and, AND, or, or OR.

          • fields array[string]

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • flags
          • fuzzy_max_expansions number

            Maximum number of terms to which the query expands for fuzzy matching.

          • fuzzy_prefix_length number

            Number of beginning characters left unchanged for fuzzy matching.

          • fuzzy_transpositions boolean

            If true, edits for fuzzy matching include transpositions of two adjacent characters (for example, ab to ba).

          • lenient boolean

            If true, format-based errors, such as providing a text value for a numeric field, are ignored.

          • minimum_should_match number | string

            The minimum number of terms that should match as integer, percentage or range

            One of:
            _types:MinimumShouldMatch number _types:MinimumShouldMatch string
          • query string Required

            Query string in the simple query string syntax you wish to parse and use for search.

          • quote_field_suffix string

            Suffix appended to quoted text in the query string.

        • span_containing object
          Hide span_containing attributes Show span_containing attributes object
        • span_field_masking object
          Hide span_field_masking attributes Show span_field_masking attributes object
        • span_first object
          Hide span_first attributes Show span_first attributes object
        • span_multi object
          Hide span_multi attributes Show span_multi attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • match object Required
        • span_near object
          Hide span_near attributes Show span_near attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • clauses array[object] Required

            Array of one or more other span type queries.

          • in_order boolean

            Controls whether matches are required to be in-order.

          • slop number

            Controls the maximum number of intervening unmatched positions permitted.

        • span_not object
          Hide span_not attributes Show span_not attributes object
        • span_or object
          Hide span_or attributes Show span_or attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • clauses array[object] Required

            Array of one or more other span type queries.

        • span_term object

          Matches spans containing a term.

        • span_within object
          Hide span_within attributes Show span_within attributes object
        • sparse_vector object
          Hide sparse_vector attributes Show sparse_vector attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • field string Required

            Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

          • query string

            The query text you want to use for search. If inference_id is specified, query must also be specified.

          • prune boolean

            Whether to perform pruning, omitting the non-significant tokens from the query to improve query performance. If prune is true but the pruning_config is not specified, pruning will occur but default values will be used. Default: false

          • pruning_config object
          • query_vector object

            Dictionary of precomputed sparse vectors and their associated weights. Only one of inference_id or query_vector may be supplied in a request.

          • inference_id string
        • term object

          Returns documents that contain an exact term in a provided field. To return a document, the query term must exactly match the queried field's value, including whitespace and capitalization.

        • terms object
          Hide terms attributes Show terms attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
        • terms_set object

          Returns documents that contain a minimum number of exact terms in a provided field. To return a document, a required number of terms must exactly match the field values, including whitespace and capitalization.

        • text_expansion object Deprecated

          Uses a natural language processing model to convert the query text into a list of token-weight pairs which are then used in a query against a sparse vector or rank features field.

        • weighted_tokens object Deprecated

          Supports returning text_expansion query results by sending in precomputed tokens with the query.

        • wildcard object

          Returns documents that contain terms matching a wildcard pattern.

        • wrapper object
          Hide wrapper attributes Show wrapper attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • query string Required

            A base64 encoded query. The binary data format can be any of JSON, YAML, CBOR or SMILE encodings

        • type object
          Hide type attributes Show type attributes object
          • boost number

            Floating point number used to decrease or increase the relevance scores of the query. Boost values are relative to the default value of 1.0. A boost value between 0 and 1.0 decreases the relevance score. A value greater than 1.0 increases the relevance score.

          • _name string
          • value string Required
      • query_delay string

        A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

      • script_fields object
        Hide script_fields attributes Show script_fields attributes object
      • scroll_size number
      • delayed_data_check_config object Required
        Hide delayed_data_check_config attributes Show delayed_data_check_config attributes object
        • check_window string

          A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.

        • enabled boolean Required

          Specifies whether the datafeed periodically checks for delayed data.

      • runtime_mappings object
        Hide runtime_mappings attributes Show runtime_mappings attributes object
      • indices_options object
        Hide indices_options attributes Show indices_options attributes object
        • allow_no_indices boolean

          If false, the request returns an error if any wildcard expression, index alias, or _all value targets only missing or closed indices. This behavior applies even if the request targets other open indices. For example, a request targeting foo*,bar* returns an error if an index starts with foo but no index starts with bar.

        • expand_wildcards string | array[string]
        • ignore_unavailable boolean

          If true, missing or closed indices are not included in the response.

        • ignore_throttled boolean

          If true, concrete, expanded or aliased indices are ignored when frozen.

    • description string
    • groups array[string]
    • job_id string Required
    • job_type string Required
    • job_version string Required
    • model_plot_config object
      Hide model_plot_config attributes Show model_plot_config attributes object
      • annotations_enabled boolean

        If true, enables calculation and storage of the model change annotations for each entity that is being analyzed.

      • enabled boolean

        If true, enables calculation and storage of the model bounds for each entity that is being analyzed.

      • terms string

        Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

    • model_snapshot_id string
    • model_snapshot_retention_days number Required
    • renormalization_window_days number
    • results_index_name string Required
    • results_retention_days number
POST /_ml/anomaly_detectors/{job_id}/_update 
curl \
 -X POST http://api.example.com/_ml/anomaly_detectors/{job_id}/_update \
 -H "Content-Type: application/json" \
 -d '{"allow_lazy_open":true,"analysis_limits":{"model_memory_limit":"string"},"background_persist_interval":"string","custom_settings":{"key":{}},"categorization_filters":["string"],"description":"string","model_plot_config":{"annotations_enabled":true,"enabled":true,"terms":"string"},"model_prune_window":"string","daily_model_snapshot_retention_after_days":42.0,"model_snapshot_retention_days":42.0,"renormalization_window_days":42.0,"results_retention_days":42.0,"groups":["string"],"detectors":[{"by_field_name":"string","custom_rules":[{"actions":["skip_result"],"conditions":[{"applies_to":"actual","operator":"gt","value":42.0}],"scope":{"filter_id":"string","filter_type":"include"}}],"detector_description":"string","detector_index":42.0,"exclude_frequent":"all","field_name":"string","function":"string","over_field_name":"string","partition_field_name":"string","use_null":true}],"per_partition_categorization":{"enabled":true,"stop_on_warn":true}}'