Get Categories API

Retrieves job results for one or more categories.

Request

GET _xpack/ml/anomaly_detectors/<job_id>/results/categories

GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>

Description

For more information about categories, see Categorizing log messages.

Path Parameters

job_id
(string) Identifier for the job.
category_id
(long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.

Request Body

page
  from
  (integer) Skips the specified number of categories.
  size
  (integer) Specifies the maximum number of categories to obtain.

Results

The API returns the following information:

categories
(array) An array of category objects. For more information, see Categories.

Authorization

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.

Examples

The following example gets information about one category for the it_ops_new_logs job:

GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories
{
  "page":{
    "size": 1
  }
}

In this example, the API returns the following information:

{
  "count": 11,
  "categories": [
    {
      "job_id": "it_ops_new_logs",
      "category_id": 1,
      "terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com",
      "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
      "max_matching_length": 137,
      "examples": [
        "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
      ]
    }
  ]
}
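
The following is an added example, not part of the original documentation: it pages through all categories of a job with `page.from` and `page.size`, treating `count` as the total number of categories (as the response above suggests). The `send` transport callable, the helper names and the in-memory fake cluster are assumptions made for illustration; `job_id` is percent-encoded so that a caller-supplied value cannot add path segments to the request.

```python
from urllib.parse import quote


def categories_path(job_id, category_id=None):
    """Build the request path; job_id is percent-encoded so it stays one path segment."""
    path = "_xpack/ml/anomaly_detectors/%s/results/categories" % quote(job_id, safe="")
    if category_id is not None:
        path += "/%d" % int(category_id)  # category_id is a long
    return path


def iter_categories(send, job_id, page_size=100):
    """Yield every category object of a job, one page at a time.

    `send(method, path, body)` is a hypothetical transport callable that
    returns the decoded JSON response; authentication is left to it.
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    offset = 0
    while True:
        body = {"page": {"from": offset, "size": page_size}}
        resp = send("GET", categories_path(job_id), body)
        batch = resp.get("categories", [])
        yield from batch
        offset += len(batch)
        # Stop on an empty page or once `count` categories have been read.
        if not batch or offset >= resp.get("count", 0):
            return


def make_fake_send(categories):
    """Constructed in-memory stand-in for a cluster; records each request."""
    calls = []

    def send(method, path, body):
        calls.append((method, path, body))
        start, size = body["page"]["from"], body["page"]["size"]
        return {"count": len(categories), "categories": categories[start:start + size]}

    return send, calls


if __name__ == "__main__":
    sample = [{"job_id": "it_ops_new_logs", "category_id": i} for i in range(1, 12)]
    send, calls = make_fake_send(sample)
    print([c["category_id"] for c in iter_categories(send, "it_ops_new_logs", 4)])
    print([c[2]["page"] for c in calls])
```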