Get buckets API

edit

Retrieves job results for one or more buckets.

Request

edit

GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets

GET _xpack/ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>

Description

edit

The get buckets API presents a chronological view of the records, grouped by bucket.

Path Parameters

edit
job_id
(string) Identifier for the job
timestamp
(string) The timestamp of a single bucket result. If you do not specify this optional parameter, the API returns information about all buckets.

Request Body

edit
anomaly_score
(double) Returns buckets with anomaly scores greater or equal than this value.
desc
(boolean) If true, the buckets are sorted in descending order.
end
(string) Returns buckets with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
expand
(boolean) If true, the output includes anomaly records.
page
from
(integer) Skips the specified number of buckets.
size
(integer) Specifies the maximum number of buckets to obtain.
sort
(string) Specifies the sort field for the requested buckets. By default, the buckets are sorted by the timestamp field.
start
(string) Returns buckets with timestamps after this time.

Results

edit

The API returns the following information:

buckets
(array) An array of bucket objects. For more information, see Buckets.

Authorization

edit

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.

Examples

edit

The following example gets bucket information for the it-ops-kpi job:

GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}

In this example, the API returns a single result that matches the specified score and time constraints:

{
  "count": 1,
  "buckets": [
    {
      "job_id": "it-ops-kpi",
      "timestamp": 1454943900000,
      "anomaly_score": 94.1706,
      "bucket_span": 300,
      "initial_anomaly_score": 94.1706,
      "event_count": 153,
      "is_interim": false,
      "bucket_influencers": [
        {
          "job_id": "it-ops-kpi",
          "result_type": "bucket_influencer",
          "influencer_field_name": "bucket_time",
          "initial_anomaly_score": 94.1706,
          "anomaly_score": 94.1706,
          "raw_anomaly_score": 2.32119,
          "probability": 0.00000575042,
          "timestamp": 1454943900000,
          "bucket_span": 300,
          "is_interim": false
        }
      ],
      "processing_time_ms": 2,
      "partition_scores": [],
      "result_type": "bucket"
    }
  ]
}