New

The executive guide to generative AI

Read more
About usPartnersSupport|Login
IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get calendars API Get overall buckets API »
Elastic Docs Elasticsearch Guide [6.7] X-Pack APIs Machine learning APIs

Get buckets API

edit

Get buckets API

edit

Retrieves job results for one or more buckets.

Request

edit

GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets

GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>

Description

edit

The get buckets API presents a chronological view of the records, grouped by bucket.

Path Parameters

edit
job_id
(string) Identifier for the job
timestamp
(string) The timestamp of a single bucket result. If you do not specify this optional parameter, the API returns information about all buckets.

Request Body

edit
anomaly_score
(double) Returns buckets with anomaly scores greater or equal than this value.
desc
(boolean) If true, the buckets are sorted in descending order.
end
(string) Returns buckets with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
expand
(boolean) If true, the output includes anomaly records.
page
from
(integer) Skips the specified number of buckets.
size
(integer) Specifies the maximum number of buckets to obtain.
sort
(string) Specifies the sort field for the requested buckets. By default, the buckets are sorted by the timestamp field.
start
(string) Returns buckets with timestamps after this time.

Results

edit

The API returns the following information:

buckets
(array) An array of bucket objects. For more information, see Buckets.

Authorization

edit

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.

Examples

edit

The following example gets bucket information for the it-ops-kpi job:

GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}
Copy as curlTry in Elastic 

In this example, the API returns a single result that matches the specified score and time constraints:

{
  "count": 1,
  "buckets": [
    {
      "job_id": "it-ops-kpi",
      "timestamp": 1454943900000,
      "anomaly_score": 94.1706,
      "bucket_span": 300,
      "initial_anomaly_score": 94.1706,
      "event_count": 153,
      "is_interim": false,
      "bucket_influencers": [
        {
          "job_id": "it-ops-kpi",
          "result_type": "bucket_influencer",
          "influencer_field_name": "bucket_time",
          "initial_anomaly_score": 94.1706,
          "anomaly_score": 94.1706,
          "raw_anomaly_score": 2.32119,
          "probability": 0.00000575042,
          "timestamp": 1454943900000,
          "bucket_span": 300,
          "is_interim": false
        }
      ],
      "processing_time_ms": 2,
      "partition_scores": [],
      "result_type": "bucket"
    }
  ]
}
« Get calendars API Get overall buckets API »
Was this helpful?
Feedback