- Elasticsearch Guide: other versions:
- Getting Started
- Set up Elasticsearch
- Installing Elasticsearch
- Configuring Elasticsearch
- Important Elasticsearch configuration
- Important System Configuration
- Bootstrap Checks
- Heap size check
- File descriptor check
- Memory lock check
- Maximum number of threads check
- Max file size check
- Maximum size virtual memory check
- Maximum map count check
- Client JVM check
- Use serial collector check
- System call filter check
- OnError and OnOutOfMemoryError checks
- Early-access check
- G1GC check
- All permission check
- Starting Elasticsearch
- Stopping Elasticsearch
- Adding nodes to your cluster
- Installing X-Pack
- Set up X-Pack
- Configuring X-Pack Java Clients
- X-Pack Settings
- Bootstrap Checks for X-Pack
- Upgrade Elasticsearch
- API Conventions
- Document APIs
- Search APIs
- Aggregations
- Metrics Aggregations
- Avg Aggregation
- Cardinality Aggregation
- Extended Stats Aggregation
- Geo Bounds Aggregation
- Geo Centroid Aggregation
- Max Aggregation
- Min Aggregation
- Percentiles Aggregation
- Percentile Ranks Aggregation
- Scripted Metric Aggregation
- Stats Aggregation
- Sum Aggregation
- Top Hits Aggregation
- Value Count Aggregation
- Bucket Aggregations
- Adjacency Matrix Aggregation
- Children Aggregation
- Composite Aggregation
- Date Histogram Aggregation
- Date Range Aggregation
- Diversified Sampler Aggregation
- Filter Aggregation
- Filters Aggregation
- Geo Distance Aggregation
- GeoHash grid Aggregation
- Global Aggregation
- Histogram Aggregation
- IP Range Aggregation
- Missing Aggregation
- Nested Aggregation
- Range Aggregation
- Reverse nested Aggregation
- Sampler Aggregation
- Significant Terms Aggregation
- Significant Text Aggregation
- Terms Aggregation
- Pipeline Aggregations
- Avg Bucket Aggregation
- Derivative Aggregation
- Max Bucket Aggregation
- Min Bucket Aggregation
- Sum Bucket Aggregation
- Stats Bucket Aggregation
- Extended Stats Bucket Aggregation
- Percentiles Bucket Aggregation
- Moving Average Aggregation
- Cumulative Sum Aggregation
- Bucket Script Aggregation
- Bucket Selector Aggregation
- Bucket Sort Aggregation
- Serial Differencing Aggregation
- Matrix Aggregations
- Caching heavy aggregations
- Returning only aggregation results
- Aggregation Metadata
- Returning the type of the aggregation
- Metrics Aggregations
- Indices APIs
- Create Index
- Delete Index
- Get Index
- Indices Exists
- Open / Close Index API
- Shrink Index
- Split Index
- Rollover Index
- Put Mapping
- Get Mapping
- Get Field Mapping
- Types Exists
- Index Aliases
- Update Indices Settings
- Get Settings
- Analyze
- Index Templates
- Indices Stats
- Indices Segments
- Indices Recovery
- Indices Shard Stores
- Clear Cache
- Flush
- Refresh
- Force Merge
- cat APIs
- Cluster APIs
- Query DSL
- Mapping
- Analysis
- Anatomy of an analyzer
- Testing analyzers
- Analyzers
- Normalizers
- Tokenizers
- Standard Tokenizer
- Letter Tokenizer
- Lowercase Tokenizer
- Whitespace Tokenizer
- UAX URL Email Tokenizer
- Classic Tokenizer
- Thai Tokenizer
- NGram Tokenizer
- Edge NGram Tokenizer
- Keyword Tokenizer
- Pattern Tokenizer
- Simple Pattern Tokenizer
- Simple Pattern Split Tokenizer
- Path Hierarchy Tokenizer
- Path Hierarchy Tokenizer Examples
- Token Filters
- Standard Token Filter
- ASCII Folding Token Filter
- Flatten Graph Token Filter
- Length Token Filter
- Lowercase Token Filter
- Uppercase Token Filter
- NGram Token Filter
- Edge NGram Token Filter
- Porter Stem Token Filter
- Shingle Token Filter
- Stop Token Filter
- Word Delimiter Token Filter
- Word Delimiter Graph Token Filter
- Stemmer Token Filter
- Stemmer Override Token Filter
- Keyword Marker Token Filter
- Keyword Repeat Token Filter
- KStem Token Filter
- Snowball Token Filter
- Phonetic Token Filter
- Synonym Token Filter
- Synonym Graph Token Filter
- Compound Word Token Filters
- Reverse Token Filter
- Elision Token Filter
- Truncate Token Filter
- Unique Token Filter
- Pattern Capture Token Filter
- Pattern Replace Token Filter
- Trim Token Filter
- Limit Token Count Token Filter
- Hunspell Token Filter
- Common Grams Token Filter
- Normalization Token Filter
- CJK Width Token Filter
- CJK Bigram Token Filter
- Delimited Payload Token Filter
- Keep Words Token Filter
- Keep Types Token Filter
- Classic Token Filter
- Apostrophe Token Filter
- Decimal Digit Token Filter
- Fingerprint Token Filter
- Minhash Token Filter
- Character Filters
- Modules
- Index Modules
- Ingest Node
- Pipeline Definition
- Ingest APIs
- Accessing Data in Pipelines
- Handling Failures in Pipelines
- Processors
- Append Processor
- Convert Processor
- Date Processor
- Date Index Name Processor
- Fail Processor
- Foreach Processor
- Grok Processor
- Gsub Processor
- Join Processor
- JSON Processor
- KV Processor
- Lowercase Processor
- Remove Processor
- Rename Processor
- Script Processor
- Set Processor
- Split Processor
- Sort Processor
- Trim Processor
- Uppercase Processor
- Dot Expander Processor
- URL Decode Processor
- SQL Access
- Monitor a cluster
- Rolling up historical data
- Secure a cluster
- Overview
- Configuring security
- Encrypting communications in Elasticsearch
- Encrypting communications in an Elasticsearch Docker container
- Enabling cipher suites for stronger encryption
- Separating node-to-node and client traffic
- Configuring an Active Directory realm
- Configuring a file realm
- Configuring an LDAP realm
- Configuring a native realm
- Configuring a PKI realm
- Configuring a SAML realm
- Security settings
- Auditing settings
- Getting started with security
- How security works
- User authentication
- Configuring SAML single-sign-on on the Elastic Stack
- User authorization
- Auditing security events
- Encrypting communications
- Restricting connections with IP filtering
- Cross cluster search, tribe, clients, and integrations
- Reference
- Troubleshooting
- Can’t log in after upgrading to 6.3.2
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Common SAML issues
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- Failures due to relocation of the configuration files
- Limitations
- Alerting on Cluster and Index Events
- X-Pack APIs
- Info API
- Explore API
- Licensing APIs
- Migration APIs
- Machine Learning APIs
- Add Events to Calendar
- Add Jobs to Calendar
- Close Jobs
- Create Calendar
- Create Datafeeds
- Create Jobs
- Delete Calendar
- Delete Datafeeds
- Delete Events from Calendar
- Delete Jobs
- Delete Jobs from Calendar
- Delete Model Snapshots
- Flush Jobs
- Forecast Jobs
- Get Calendars
- Get Buckets
- Get Overall Buckets
- Get Categories
- Get Datafeeds
- Get Datafeed Statistics
- Get Influencers
- Get Jobs
- Get Job Statistics
- Get Model Snapshots
- Get Scheduled Events
- Get Records
- Open Jobs
- Post Data to Jobs
- Preview Datafeeds
- Revert Model Snapshots
- Start Datafeeds
- Stop Datafeeds
- Update Datafeeds
- Update Jobs
- Update Model Snapshots
- Rollup APIs
- Security APIs
- Authenticate API
- Change passwords API
- Clear Cache API
- Create or update role mappings API
- Clear roles cache API
- Create or update roles API
- Create or update users API
- Delete role mappings API
- Delete roles API
- Delete users API
- Disable users API
- Enable users API
- Get role mappings API
- Get roles API
- Get token API
- Get users API
- Privilege APIs
- Invalidate token API
- SSL Certificate API
- Watcher APIs
- Definitions
- Command line tools
- How To
- Testing
- Glossary of terms
- Release Highlights
- Breaking changes
- Release Notes
- Elasticsearch version 6.3.2
- Elasticsearch version 6.3.1
- Elasticsearch version 6.3.0
- Elasticsearch version 6.2.4
- Elasticsearch version 6.2.3
- Elasticsearch version 6.2.2
- Elasticsearch version 6.2.1
- Elasticsearch version 6.2.0
- Elasticsearch version 6.1.4
- Elasticsearch version 6.1.3
- Elasticsearch version 6.1.2
- Elasticsearch version 6.1.1
- Elasticsearch version 6.1.0
- Elasticsearch version 6.0.1
- Elasticsearch version 6.0.0
- Elasticsearch version 6.0.0-rc2
- Elasticsearch version 6.0.0-rc1
- Elasticsearch version 6.0.0-beta2
- Elasticsearch version 6.0.0-beta1
- Elasticsearch version 6.0.0-alpha2
- Elasticsearch version 6.0.0-alpha1
- Elasticsearch version 6.0.0-alpha1 (Changes previously released in 5.x)
Job Statistics
editJob Statistics
editThe get job statistics API provides information about the operational progress of a job.
-
assignment_explanation
- (string) For open jobs only, contains messages relating to the selection of a node to run the job.
-
data_counts
- (object) An object that describes the number of records processed and any related error counts. See data counts objects.
-
job_id
- (string) A unique identifier for the job.
-
model_size_stats
- (object) An object that provides information about the size and contents of the model. See model size stats objects
-
node
- (object) For open jobs only, contains information about the node where the job runs. See node object.
-
open_time
-
(string) For open jobs only, the elapsed time for which the job has been open.
For example,
28746386s
. -
state
-
(string) The status of the job, which can be one of the following values:
-
opened
- The job is available to receive and process data.
-
closed
- The job finished successfully with its model state persisted. The job must be opened before it can accept further data.
-
closing
- The job close action is in progress and has not yet completed. A closing job cannot accept further data.
-
failed
- The job did not finish successfully due to an error. This situation can occur due to invalid input data. If the job had irrevocably failed, it must be force closed and then deleted. If the datafeed can be corrected, the job can be closed and then re-opened.
-
opening
- The job open action is in progress and has not yet completed.
-
Data Counts Objects
editThe data_counts
object describes the number of records processed
and any related error counts.
The data_count
values are cumulative for the lifetime of a job. If a model snapshot is reverted
or old results are deleted, the job counts are not reset.
-
bucket_count
- (long) The number of bucket results produced by the job.
-
earliest_record_timestamp
- (date) The timestamp of the earliest chronologically input document.
-
empty_bucket_count
-
(long) The number of buckets which did not contain any data. If your data contains many
empty buckets, consider increasing your
bucket_span
or using functions that are tolerant to gaps in data such asmean
,non_null_sum
ornon_zero_count
. -
input_bytes
- (long) The number of raw bytes read by the job.
-
input_field_count
- (long) The total number of record fields read by the job. This count includes fields that are not used in the analysis.
-
input_record_count
- (long) The number of data records read by the job.
-
invalid_date_count
- (long) The number of records with either a missing date field or a date that could not be parsed.
-
job_id
- (string) A unique identifier for the job.
-
last_data_time
- (date) The timestamp at which data was last analyzed, according to server time.
-
latest_empty_bucket_timestamp
- (date) The timestamp of the last bucket that did not contain any data.
-
latest_record_timestamp
- (date) The timestamp of the latest chronologically input document.
-
latest_sparse_bucket_timestamp
- (date) The timestamp of the last bucket that was considered sparse.
-
missing_field_count
-
(long) The number of records that are missing a field that the job is
configured to analyze. Records with missing fields are still processed because
it is possible that not all fields are missing. The value of
processed_record_count
includes this count.
If you are using datafeeds or posting data to the job in JSON format, a
high missing_field_count
is often not an indication of data issues. It is not
necessarily a cause for concern.
-
out_of_order_timestamp_count
- (long) The number of records that are out of time sequence and outside of the latency window. This information is applicable only when you provide data to the job by using the post data API. These out of order records are discarded, since jobs require time series data to be in ascending chronological order.
-
processed_field_count
- (long) The total number of fields in all the records that have been processed by the job. Only fields that are specified in the detector configuration object contribute to this count. The time stamp is not included in this count.
-
processed_record_count
-
(long) The number of records that have been processed by the job.
This value includes records with missing fields, since they are nonetheless
analyzed.
If you use datafeeds and have aggregations in your search query, theprocessed_record_count
will be the number of aggregated records processed, not the number of Elasticsearch documents. -
sparse_bucket_count
-
(long) The number of buckets that contained few data points compared to the
expected number of data points. If your data contains many sparse buckets,
consider using a longer
bucket_span
.
Model Size Stats Objects
editThe model_size_stats
object has the following properties:
-
bucket_allocation_failures_count
-
(long) The number of buckets for which new entities in incoming data were not
processed due to insufficient model memory. This situation is also signified
by a
hard_limit: memory_status
property value. -
job_id
- (string) A numerical character string that uniquely identifies the job.
-
log_time
-
(date) The timestamp of the
model_size_stats
according to server time. -
memory_status
-
(string) The status of the mathematical models. This property can have one of the following values:
-
ok
- The models stayed below the configured value.
-
soft_limit
- The models used more than 60% of the configured memory limit and older unused models will be pruned to free up space.
-
hard_limit
- The models used more space than the configured memory limit. As a result, not all incoming data was processed.
-
-
model_bytes
- (long) The number of bytes of memory used by the models. This is the maximum value since the last time the model was persisted. If the job is closed, this value indicates the latest size.
-
result_type
- (string) For internal use. The type of result.
-
total_by_field_count
-
(long) The number of
by
field values that were analyzed by the models.+
The by
field values are counted separately for each detector and partition.
-
total_over_field_count
-
(long) The number of
over
field values that were analyzed by the models.+
The over
field values are counted separately for each detector and partition.
-
total_partition_field_count
-
(long) The number of
partition
field values that were analyzed by the models. -
timestamp
-
(date) The timestamp of the
model_size_stats
according to the timestamp of the data.
Node Objects
editThe node
objects contains properties for the node that runs the job.
This information is available only for open jobs.
-
id
- (string) The unique identifier of the node.
-
name
- (string) The node name.
-
ephemeral_id
- (string) The ephemeral id of the node.
-
transport_address
- (string) The host and port where transport HTTP connections are accepted.
-
attributes
- (object) For example, {"ml.max_open_jobs": "10"}.
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now