- Elasticsearch Guide: other versions:
- What is Elasticsearch?
- What’s new in 7.10
- Getting started with Elasticsearch
- Set up Elasticsearch
- Installing Elasticsearch
- Configuring Elasticsearch
- Setting JVM options
- Secure settings
- Auditing settings
- Circuit breaker settings
- Cluster-level shard allocation and routing settings
- Cross-cluster replication settings
- Discovery and cluster formation settings
- Field data cache settings
- HTTP
- Index lifecycle management settings
- Index management settings
- Index recovery settings
- Indexing buffer settings
- License settings
- Local gateway settings
- Logging
- Machine learning settings
- Monitoring settings
- Node
- Network settings
- Node query cache settings
- Search settings
- Security settings
- Shard request cache settings
- Snapshot lifecycle management settings
- Transforms settings
- Transport
- Thread pools
- Watcher settings
- Important Elasticsearch configuration
- Important System Configuration
- Bootstrap Checks
- Heap size check
- File descriptor check
- Memory lock check
- Maximum number of threads check
- Max file size check
- Maximum size virtual memory check
- Maximum map count check
- Client JVM check
- Use serial collector check
- System call filter check
- OnError and OnOutOfMemoryError checks
- Early-access check
- G1GC check
- All permission check
- Discovery configuration check
- Bootstrap Checks for X-Pack
- Starting Elasticsearch
- Stopping Elasticsearch
- Discovery and cluster formation
- Add and remove nodes in your cluster
- Full-cluster restart and rolling restart
- Remote clusters
- Set up X-Pack
- Configuring X-Pack Java Clients
- Plugins
- Upgrade Elasticsearch
- Index modules
- Mapping
- Text analysis
- Overview
- Concepts
- Configure text analysis
- Built-in analyzer reference
- Tokenizer reference
- Token filter reference
- Apostrophe
- ASCII folding
- CJK bigram
- CJK width
- Classic
- Common grams
- Conditional
- Decimal digit
- Delimited payload
- Dictionary decompounder
- Edge n-gram
- Elision
- Fingerprint
- Flatten graph
- Hunspell
- Hyphenation decompounder
- Keep types
- Keep words
- Keyword marker
- Keyword repeat
- KStem
- Length
- Limit token count
- Lowercase
- MinHash
- Multiplexer
- N-gram
- Normalization
- Pattern capture
- Pattern replace
- Phonetic
- Porter stem
- Predicate script
- Remove duplicates
- Reverse
- Shingle
- Snowball
- Stemmer
- Stemmer override
- Stop
- Synonym
- Synonym graph
- Trim
- Truncate
- Unique
- Uppercase
- Word delimiter
- Word delimiter graph
- Character filters reference
- Normalizers
- Index templates
- Data streams
- Ingest node
- Search your data
- Query DSL
- Aggregations
- Bucket aggregations
- Adjacency matrix
- Auto-interval date histogram
- Children
- Composite
- Date histogram
- Date range
- Diversified sampler
- Filter
- Filters
- Geo-distance
- Geohash grid
- Geotile grid
- Global
- Histogram
- IP range
- Missing
- Nested
- Parent
- Range
- Rare terms
- Reverse nested
- Sampler
- Significant terms
- Significant text
- Terms
- Variable width histogram
- Subtleties of bucketing range fields
- Metrics aggregations
- Pipeline aggregations
- Bucket aggregations
- EQL
- SQL access
- Overview
- Getting Started with SQL
- Conventions and Terminology
- Security
- SQL REST API
- SQL Translate API
- SQL CLI
- SQL JDBC
- SQL ODBC
- SQL Client Applications
- SQL Language
- Functions and Operators
- Comparison Operators
- Logical Operators
- Math Operators
- Cast Operators
- LIKE and RLIKE Operators
- Aggregate Functions
- Grouping Functions
- Date/Time and Interval Functions and Operators
- Full-Text Search Functions
- Mathematical Functions
- String Functions
- Type Conversion Functions
- Geo Functions
- Conditional Functions And Expressions
- System Functions
- Reserved keywords
- SQL Limitations
- Scripting
- Data management
- ILM: Manage the index lifecycle
- Overview
- Concepts
- Automate rollover
- Manage Filebeat time-based indices
- Index lifecycle actions
- Configure a lifecycle policy
- Migrate index allocation filters to node roles
- Resolve lifecycle policy execution errors
- Start and stop index lifecycle management
- Manage existing indices
- Skip rollover
- Restore a managed data stream or index
- Monitor a cluster
- Frozen indices
- Roll up or transform your data
- Set up a cluster for high availability
- Snapshot and restore
- Secure a cluster
- Overview
- Configuring security
- User authentication
- Built-in users
- Internal users
- Token-based authentication services
- Realms
- Realm chains
- Active Directory user authentication
- File-based user authentication
- LDAP user authentication
- Native user authentication
- OpenID Connect authentication
- PKI user authentication
- SAML authentication
- Kerberos authentication
- Integrating with other authentication systems
- Enabling anonymous access
- Controlling the user cache
- Configuring SAML single-sign-on on the Elastic Stack
- Configuring single sign-on to the Elastic Stack using OpenID Connect
- User authorization
- Built-in roles
- Defining roles
- Granting access to Stack Management features
- Security privileges
- Document level security
- Field level security
- Granting privileges for data streams and index aliases
- Mapping users and groups to roles
- Setting up field and document level security
- Submitting requests on behalf of other users
- Configuring authorization delegation
- Customizing roles and authorization
- Enabling audit logging
- Encrypting communications
- Restricting connections with IP filtering
- Cross cluster search, clients, and integrations
- Tutorial: Getting started with security
- Tutorial: Encrypting communications
- Troubleshooting
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Common Kerberos exceptions
- Common SAML issues
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- Failures due to relocation of the configuration files
- Limitations
- Watch for cluster and index events
- Command line tools
- How To
- Glossary of terms
- REST APIs
- API conventions
- Compact and aligned text (CAT) APIs
- cat aliases
- cat allocation
- cat anomaly detectors
- cat count
- cat data frame analytics
- cat datafeeds
- cat fielddata
- cat health
- cat indices
- cat master
- cat nodeattrs
- cat nodes
- cat pending tasks
- cat plugins
- cat recovery
- cat repositories
- cat segments
- cat shards
- cat snapshots
- cat task management
- cat templates
- cat thread pool
- cat trained model
- cat transforms
- Cluster APIs
- Cluster allocation explain
- Cluster get settings
- Cluster health
- Cluster reroute
- Cluster state
- Cluster stats
- Cluster update settings
- Nodes feature usage
- Nodes hot threads
- Nodes info
- Nodes reload secure settings
- Nodes stats
- Pending cluster tasks
- Remote cluster info
- Task management
- Voting configuration exclusions
- Cross-cluster replication APIs
- Data stream APIs
- Document APIs
- Enrich APIs
- Graph explore API
- Index APIs
- Add index alias
- Analyze
- Clear cache
- Clone index
- Close index
- Create index
- Delete index
- Delete index alias
- Delete component template
- Delete index template
- Delete index template (legacy)
- Flush
- Force merge
- Freeze index
- Get component template
- Get field mapping
- Get index
- Get index alias
- Get index settings
- Get index template
- Get index template (legacy)
- Get mapping
- Index alias exists
- Index exists
- Index recovery
- Index segments
- Index shard stores
- Index stats
- Index template exists (legacy)
- Open index
- Put index template
- Put index template (legacy)
- Put component template
- Put mapping
- Refresh
- Rollover index
- Shrink index
- Simulate index
- Simulate template
- Split index
- Synced flush
- Type exists
- Unfreeze index
- Update index alias
- Update index settings
- Resolve index
- List dangling indices
- Import dangling index
- Delete dangling index
- Index lifecycle management APIs
- Ingest APIs
- Info API
- Licensing APIs
- Machine learning anomaly detection APIs
- Add events to calendar
- Add jobs to calendar
- Close jobs
- Create jobs
- Create calendars
- Create datafeeds
- Create filters
- Delete calendars
- Delete datafeeds
- Delete events from calendar
- Delete filters
- Delete forecasts
- Delete jobs
- Delete jobs from calendar
- Delete model snapshots
- Delete expired data
- Estimate model memory
- Find file structure
- Flush jobs
- Forecast jobs
- Get buckets
- Get calendars
- Get categories
- Get datafeeds
- Get datafeed statistics
- Get influencers
- Get jobs
- Get job statistics
- Get machine learning info
- Get model snapshots
- Get overall buckets
- Get scheduled events
- Get filters
- Get records
- Open jobs
- Post data to jobs
- Preview datafeeds
- Revert model snapshots
- Set upgrade mode
- Start datafeeds
- Stop datafeeds
- Update datafeeds
- Update filters
- Update jobs
- Update model snapshots
- Machine learning data frame analytics APIs
- Create data frame analytics jobs
- Create trained models
- Update data frame analytics jobs
- Delete data frame analytics jobs
- Delete trained models
- Evaluate data frame analytics
- Explain data frame analytics
- Get data frame analytics jobs
- Get data frame analytics jobs stats
- Get trained models
- Get trained models stats
- Start data frame analytics jobs
- Stop data frame analytics jobs
- Migration APIs
- Reload search analyzers API
- Repositories metering APIs
- Rollup APIs
- Search APIs
- Searchable snapshots APIs
- Security APIs
- Authenticate
- Change passwords
- Clear cache
- Clear roles cache
- Clear privileges cache
- Clear API key cache
- Create API keys
- Create or update application privileges
- Create or update role mappings
- Create or update roles
- Create or update users
- Delegate PKI authentication
- Delete application privileges
- Delete role mappings
- Delete roles
- Delete users
- Disable users
- Enable users
- Get API key information
- Get application privileges
- Get builtin privileges
- Get role mappings
- Get roles
- Get token
- Get users
- Grant API keys
- Has privileges
- Invalidate API key
- Invalidate token
- OpenID Connect prepare authentication
- OpenID Connect authenticate
- OpenID Connect logout
- SAML prepare authentication
- SAML authenticate
- SAML logout
- SAML invalidate
- SSL certificate
- Snapshot and restore APIs
- Snapshot lifecycle management APIs
- Transform APIs
- Usage API
- Watcher APIs
- Definitions
- Migration guide
- Release notes
- Elasticsearch version 7.10.2
- Elasticsearch version 7.10.1
- Elasticsearch version 7.10.0
- Elasticsearch version 7.9.3
- Elasticsearch version 7.9.2
- Elasticsearch version 7.9.1
- Elasticsearch version 7.9.0
- Elasticsearch version 7.8.1
- Elasticsearch version 7.8.0
- Elasticsearch version 7.7.1
- Elasticsearch version 7.7.0
- Elasticsearch version 7.6.2
- Elasticsearch version 7.6.1
- Elasticsearch version 7.6.0
- Elasticsearch version 7.5.2
- Elasticsearch version 7.5.1
- Elasticsearch version 7.5.0
- Elasticsearch version 7.4.2
- Elasticsearch version 7.4.1
- Elasticsearch version 7.4.0
- Elasticsearch version 7.3.2
- Elasticsearch version 7.3.1
- Elasticsearch version 7.3.0
- Elasticsearch version 7.2.1
- Elasticsearch version 7.2.0
- Elasticsearch version 7.1.1
- Elasticsearch version 7.1.0
- Elasticsearch version 7.0.0
- Elasticsearch version 7.0.0-rc2
- Elasticsearch version 7.0.0-rc1
- Elasticsearch version 7.0.0-beta1
- Elasticsearch version 7.0.0-alpha2
- Elasticsearch version 7.0.0-alpha1
- Dependencies and versions
Get model snapshots API
editGet model snapshots API
editRetrieves information about model snapshots.
Request
editGET _ml/anomaly_detectors/<job_id>/model_snapshots
GET _ml/anomaly_detectors/<job_id>/model_snapshots/<snapshot_id>
Prerequisites
edit-
If the Elasticsearch security features are enabled, you must have
monitor_ml
,monitor
,manage_ml
, ormanage
cluster privileges to use this API. See Security privileges and Machine learning security privileges.
Path parameters
edit-
<job_id>
- (Required, string) Identifier for the anomaly detection job.
-
<snapshot_id>
-
(Optional, string) A numerical character string that uniquely identifies the model snapshot.
You can multiple snapshots for a single job in a single API request by using a comma-separated list of
<snapshot_id>
or a wildcard expression. You can get all snapshots for all calendars by using_all
, by specifying*
as the<snapshot_id>
, or by omitting the<snapshot_id>
.
Request body
edit-
desc
- (Optional, Boolean) If true, the results are sorted in descending order.
-
end
- (Optional, date) Returns snapshots with timestamps earlier than this time.
-
from
- (Optional, integer) Skips the specified number of snapshots.
-
size
- (Optional, integer) Specifies the maximum number of snapshots to obtain.
-
sort
- (Optional, string) Specifies the sort field for the requested snapshots. By default, the snapshots are sorted by their timestamp.
-
start
- (Optional, string) Returns snapshots with timestamps after this time.
Response body
editThe API returns an array of model snapshot objects, which have the following properties:
-
description
- (string) An optional description of the job.
-
job_id
- (string) A numerical character string that uniquely identifies the job that the snapshot was created for.
-
latest_record_time_stamp
- (date) The timestamp of the latest processed record.
-
latest_result_time_stamp
- (date) The timestamp of the latest bucket result.
-
min_version
- (string) The minimum version required to be able to restore the model snapshot.
-
model_size_stats
-
(object) Summary information describing the model.
Properties of
model_size_stats
-
bucket_allocation_failures_count
- (long) The number of buckets for which entities were not processed due to memory limit constraints.
-
categorized_doc_count
- (long) The number of documents that have had a field categorized.
-
categorization_status
-
(string) The status of categorization for this job. Contains one of the following values.
-
ok
: Categorization is performing acceptably well (or not being used at all). -
warn
: Categorization is detecting a distribution of categories that suggests the input data is inappropriate for categorization. Problems could be that there is only one category, more than 90% of categories are rare, the number of categories is greater than 50% of the number of categorized documents, there are no frequently matched categories, or more than 50% of categories are dead.
-
-
dead_category_count
- (long) The number of categories created by categorization that will never be assigned again because another category’s definition makes it a superset of the dead category. (Dead categories are a side effect of the way categorization has no prior training.)
-
failed_category_count
-
(long)
The number of times that categorization wanted to create a new category but
couldn’t because the job had hit its
model_memory_limit
. This count does not track which specific categories failed to be created. Therefore you cannot use this value to determine the number of unique categories that were missed. -
frequent_category_count
- (long) The number of categories that match more than 1% of categorized documents.
-
job_id
- (string) Identifier for the anomaly detection job.
-
log_time
-
(date) The timestamp that the
model_size_stats
were recorded, according to server-time. -
memory_status
-
(string) The status of the memory in relation to its
model_memory_limit
. Contains one of the following values.-
hard_limit
: The internal models require more space that the configured memory limit. Some incoming data could not be processed. -
ok
: The internal models stayed below the configured value. -
soft_limit
: The internal models require more than 60% of the configured memory limit and more aggressive pruning will be performed in order to try to reclaim space.
-
-
model_bytes
- (long) An approximation of the memory resources required for this analysis.
-
model_bytes_exceeded
- (long) The number of bytes over the high limit for memory usage at the last allocation failure.
-
model_bytes_memory_limit
- (long) The upper limit for memory usage, checked on increasing values.
-
rare_category_count
- (long) The number of categories that match just one categorized document.
-
result_type
-
(string) Internal. This value is always
model_size_stats
. -
timestamp
-
(date) The timestamp that the
model_size_stats
were recorded, according to the bucket timestamp of the data. -
total_by_field_count
- (long) The number of by field values analyzed. Note that these are counted separately for each detector and partition.
-
total_category_count
- (long) The number of categories created by categorization.
-
total_over_field_count
- (long) The number of over field values analyzed. Note that these are counted separately for each detector and partition.
-
total_partition_field_count
- (long) The number of partition field values analyzed.
-
-
retain
-
(Boolean)
If
true
, this snapshot will not be deleted during automatic cleanup of snapshots older thanmodel_snapshot_retention_days
. However, this snapshot will be deleted when the job is deleted. The default value isfalse
. -
snapshot_id
- (string) A numerical character string that uniquely identifies the model snapshot.
-
snapshot_doc_count
- (long) For internal use only.
-
timestamp
- (date) The creation timestamp for the snapshot.
Examples
editGET _ml/anomaly_detectors/high_sum_total_sales/model_snapshots { "start": "1575402236000" }
In this example, the API provides a single result:
{ "count" : 1, "model_snapshots" : [ { "job_id" : "high_sum_total_sales", "min_version" : "6.4.0", "timestamp" : 1575402237000, "description" : "State persisted due to job close at 2019-12-03T19:43:57+0000", "snapshot_id" : "1575402237", "snapshot_doc_count" : 1, "model_size_stats" : { "job_id" : "high_sum_total_sales", "result_type" : "model_size_stats", "model_bytes" : 1638816, "model_bytes_exceeded" : 0, "model_bytes_memory_limit" : 10485760, "total_by_field_count" : 3, "total_over_field_count" : 3320, "total_partition_field_count" : 2, "bucket_allocation_failures_count" : 0, "memory_status" : "ok", "categorized_doc_count" : 0, "total_category_count" : 0, "frequent_category_count" : 0, "rare_category_count" : 0, "dead_category_count" : 0, "categorization_status" : "ok", "log_time" : 1575402237000, "timestamp" : 1576965600000 }, "latest_record_time_stamp" : 1576971072000, "latest_result_time_stamp" : 1576965600000, "retain" : false } ] }