Get anomaly detection jobs API

edit

Retrieves configuration information for anomaly detection jobs.

Request

edit

GET _ml/anomaly_detectors/<job_id>

GET _ml/anomaly_detectors/<job_id>,<job_id>

GET _ml/anomaly_detectors/

GET _ml/anomaly_detectors/_all

Prerequisites

edit

Description

edit

You can get information for multiple anomaly detection jobs in a single API request by using a group name, a comma-separated list of jobs, or a wildcard expression. You can get information for all anomaly detection jobs by using _all, by specifying * as the <job_id>, or by omitting the <job_id>.

This API returns a maximum of 10,000 jobs.

Path parameters

edit
<job_id>
(Optional, string) Identifier for the anomaly detection job. It can be a job identifier, a group name, or a wildcard expression. If you do not specify one of these options, the API returns information for all anomaly detection jobs.

Query parameters

edit
allow_no_jobs
(Optional, Boolean) [7.10] Deprecated in 7.10. Use allow_no_match instead.
allow_no_match

(Optional, Boolean) Specifies what to do when the request:

  • Contains wildcard expressions and there are no jobs that match.
  • Contains the _all string or no identifiers and there are no matches.
  • Contains wildcard expressions and there are only partial matches.

The default value is true, which returns an empty jobs array when there are no matches and the subset of results when there are partial matches. If this parameter is false, the request returns a 404 status code when there are no matches or only partial matches.

Response body

edit

The API returns an array of anomaly detection job resources. For the full list of properties, see create anomaly detection jobs API.

create_time
(string) The time the job was created. For example, 1491007356077. This property is informational; you cannot change its value.
finished_time
(string) If the job closed or failed, this is the time the job finished. Otherwise, it is null. This property is informational; you cannot change its value.
job_type
(string) Reserved for future use, currently set to anomaly_detector.
job_version
(string) The version of Elasticsearch that existed on the node when the job was created.
model_snapshot_id
(string) A numerical character string that uniquely identifies the model snapshot.

Response codes

edit
404 (Missing resources)
If allow_no_match is false, this code indicates that there are no resources that match the request or only partial matches for the request.

Examples

edit
GET _ml/anomaly_detectors/high_sum_total_sales

The API returns the following results:

{
  "count": 1,
  "jobs": [
    {
      "job_id" : "high_sum_total_sales",
      "job_type" : "anomaly_detector",
      "job_version" : "7.5.0",
      "groups" : [
        "kibana_sample_data",
        "kibana_sample_ecommerce"
      ],
      "description" : "Find customers spending an unusually high amount in an hour",
      "create_time" : 1577221534700,
      "analysis_config" : {
        "bucket_span" : "1h",
        "detectors" : [
          {
            "detector_description" : "High total sales",
            "function" : "high_sum",
            "field_name" : "taxful_total_price",
            "over_field_name" : "customer_full_name.keyword",
            "detector_index" : 0
          }
        ],
        "influencers" : [
          "customer_full_name.keyword",
          "category.keyword"
        ]
      },
      "analysis_limits" : {
        "model_memory_limit" : "10mb",
        "categorization_examples_limit" : 4
      },
      "data_description" : {
        "time_field" : "order_date",
        "time_format" : "epoch_ms"
      },
      "model_plot_config" : {
        "enabled" : true
      },
      "model_snapshot_retention_days" : 10,
      "daily_model_snapshot_retention_after_days" : 1,
      "custom_settings" : {
        "created_by" : "ml-module-sample",
        ...
      },
      "model_snapshot_id" : "1575402237",
      "results_index_name" : "shared",
      "allow_lazy_open" : false
    }
  ]
}