Validates an anomaly detection detector Added in 5.4.0

POST /_ml/anomaly_detectors/_validate/detector
application/json

Body Required

  • by_field_name string

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • custom_rules array[object]

    Custom rules enable you to customize the way detectors operate. For example, a rule may dictate conditions under which results should be skipped. Kibana refers to custom rules as job rules.

    Hide custom_rules attributes Show custom_rules attributes object
    • actions array[string]

      The set of actions to be triggered when the rule applies. If more than one action is specified the effects of all actions are combined.

      Values are skip_result or skip_model_update.

    • conditions array[object]

      An array of numeric conditions when the rule applies. A rule must either have a non-empty scope or at least one condition. Multiple conditions are combined together with a logical AND.

      Hide conditions attributes Show conditions attributes object
      • applies_to string Required

        Values are actual, typical, diff_from_typical, or time.

      • operator string Required

        Values are gt, gte, lt, or lte.

      • value number Required

        The value that is compared against the applies_to field using the operator.

    • scope object

      A scope of series where the rule applies. A rule must either have a non-empty scope or at least one condition. By default, the scope includes all series. Scoping is allowed for any of the fields that are also specified in by_field_name, over_field_name, or partition_field_name.

      Hide scope attribute Show scope attribute object
      • * object Additional properties

        Additional properties are allowed.

        Hide * attributes Show * attributes object
  • detector_description string

    A description of the detector.

  • detector_index number

    A unique identifier for the detector. This identifier is based on the order of the detectors in the analysis_config, starting at zero. If you specify a value for this property, it is ignored.

  • exclude_frequent string

    Values are all, none, by, or over.

  • field_name string

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • function string

    The analysis function that is used. For example, count, rare, mean, min, max, or sum.

  • over_field_name string

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • partition_field_name string

    Path to field or array of paths. Some API's support wildcards in the path to select multiple fields.

  • use_null boolean

    Defines whether a new series is used as the null series when there is no value for the by or partition fields.

Responses

  • 200 application/json
    Hide response attribute Show response attribute object
    • acknowledged boolean Required

      For a successful response, this value is always true. On failure, an exception is returned instead.
POST /_ml/anomaly_detectors/_validate/detector 
curl \
 -X POST http://api.example.com/_ml/anomaly_detectors/_validate/detector \
 -H "Content-Type: application/json" \
 -d '{"by_field_name":"string","custom_rules":[{"actions":["skip_result"],"conditions":[{"applies_to":"actual","operator":"gt","value":42.0}],"scope":{"additionalProperty1":{"filter_id":"string","filter_type":"include"},"additionalProperty2":{"filter_id":"string","filter_type":"include"}}}],"detector_description":"string","detector_index":42.0,"exclude_frequent":"all","field_name":"string","function":"string","over_field_name":"string","partition_field_name":"string","use_null":true}'
Request examples 
{
  "by_field_name": "string",
  "custom_rules": [
    {
      "actions": [
        "skip_result"
      ],
      "conditions": [
        {
          "applies_to": "actual",
          "operator": "gt",
          "value": 42.0
        }
      ],
      "scope": {
        "additionalProperty1": {
          "filter_id": "string",
          "filter_type": "include"
        },
        "additionalProperty2": {
          "filter_id": "string",
          "filter_type": "include"
        }
      }
    }
  ],
  "detector_description": "string",
  "detector_index": 42.0,
  "exclude_frequent": "all",
  "field_name": "string",
  "function": "string",
  "over_field_name": "string",
  "partition_field_name": "string",
  "use_null": true
}
Response examples (200) 
{
  "acknowledged": true
}