Get Categories API
editGet Categories API
editRetrieves job results for one or more categories.
Request
editGET _xpack/ml/anomaly_detectors/<job_id>/results/categories
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>
Description
editFor more information about categories, see Categorizing log messages.
Path Parameters
edit-
job_id
- (string) Identifier for the job.
-
category_id
- (long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.
Request Body
edit-
page
-
-
from
- (integer) Skips the specified number of categories.
-
size
- (integer) Specifies the maximum number of categories to obtain.
-
Results
editThe API returns the following information:
-
categories
- (array) An array of category objects. For more information, see Categories.
Authorization
editYou must have monitor_ml
, monitor
, manage_ml
, or manage
cluster
privileges to use this API. You also need read
index privilege on the index
that stores the results. The machine_learning_admin
and machine_learning_user
roles provide these privileges. For more information, see
Security privileges and
Built-in roles.
Examples
editThe following example gets information about one category for the
it_ops_new_logs
job:
GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories { "page":{ "size": 1 } }
In this example, the API returns the following information:
{ "count": 11, "categories": [ { "job_id": "it_ops_new_logs", "category_id": 1, "terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com", "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*", "max_matching_length": 137, "examples": [ "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com" ] } ] }