Get Categories API
editGet Categories API
editRetrieves job results for one or more categories.
Request
editGET _xpack/ml/anomaly_detectors/<job_id>/results/categories
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>
Description
editFor more information about categories, see Categorizing log messages.
Path Parameters
edit-
job_id - (string) Identifier for the job.
-
category_id - (long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.
Request Body
edit-
page -
-
from - (integer) Skips the specified number of categories.
-
size - (integer) Specifies the maximum number of categories to obtain.
-
Results
editThe API returns the following information:
-
categories - (array) An array of category objects. For more information, see Categories.
Authorization
editYou must have monitor_ml, monitor, manage_ml, or manage cluster
privileges to use this API. You also need read index privilege on the index
that stores the results. The machine_learning_admin and machine_learning_user
roles provide these privileges. For more information, see
Security privileges and
Built-in roles.
Examples
editThe following example gets information about one category for the
it_ops_new_logs job:
GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories
{
"page":{
"size": 1
}
}
In this example, the API returns the following information:
{
"count": 11,
"categories": [
{
"job_id": "it_ops_new_logs",
"category_id": 1,
"terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com",
"regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
"max_matching_length": 137,
"examples": [
"Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
]
}
]
}