- Elasticsearch Guide: other versions:
- What is Elasticsearch?
- What’s new in 7.10
- Getting started with Elasticsearch
- Set up Elasticsearch
- Installing Elasticsearch
- Configuring Elasticsearch
- Setting JVM options
- Secure settings
- Auditing settings
- Circuit breaker settings
- Cluster-level shard allocation and routing settings
- Cross-cluster replication settings
- Discovery and cluster formation settings
- Field data cache settings
- HTTP
- Index lifecycle management settings
- Index management settings
- Index recovery settings
- Indexing buffer settings
- License settings
- Local gateway settings
- Logging
- Machine learning settings
- Monitoring settings
- Node
- Network settings
- Node query cache settings
- Search settings
- Security settings
- Shard request cache settings
- Snapshot lifecycle management settings
- Transforms settings
- Transport
- Thread pools
- Watcher settings
- Important Elasticsearch configuration
- Important System Configuration
- Bootstrap Checks
- Heap size check
- File descriptor check
- Memory lock check
- Maximum number of threads check
- Max file size check
- Maximum size virtual memory check
- Maximum map count check
- Client JVM check
- Use serial collector check
- System call filter check
- OnError and OnOutOfMemoryError checks
- Early-access check
- G1GC check
- All permission check
- Discovery configuration check
- Bootstrap Checks for X-Pack
- Starting Elasticsearch
- Stopping Elasticsearch
- Discovery and cluster formation
- Add and remove nodes in your cluster
- Full-cluster restart and rolling restart
- Remote clusters
- Set up X-Pack
- Configuring X-Pack Java Clients
- Plugins
- Upgrade Elasticsearch
- Index modules
- Mapping
- Text analysis
- Overview
- Concepts
- Configure text analysis
- Built-in analyzer reference
- Tokenizer reference
- Token filter reference
- Apostrophe
- ASCII folding
- CJK bigram
- CJK width
- Classic
- Common grams
- Conditional
- Decimal digit
- Delimited payload
- Dictionary decompounder
- Edge n-gram
- Elision
- Fingerprint
- Flatten graph
- Hunspell
- Hyphenation decompounder
- Keep types
- Keep words
- Keyword marker
- Keyword repeat
- KStem
- Length
- Limit token count
- Lowercase
- MinHash
- Multiplexer
- N-gram
- Normalization
- Pattern capture
- Pattern replace
- Phonetic
- Porter stem
- Predicate script
- Remove duplicates
- Reverse
- Shingle
- Snowball
- Stemmer
- Stemmer override
- Stop
- Synonym
- Synonym graph
- Trim
- Truncate
- Unique
- Uppercase
- Word delimiter
- Word delimiter graph
- Character filters reference
- Normalizers
- Index templates
- Data streams
- Ingest node
- Search your data
- Query DSL
- Aggregations
- Bucket aggregations
- Adjacency matrix
- Auto-interval date histogram
- Children
- Composite
- Date histogram
- Date range
- Diversified sampler
- Filter
- Filters
- Geo-distance
- Geohash grid
- Geotile grid
- Global
- Histogram
- IP range
- Missing
- Nested
- Parent
- Range
- Rare terms
- Reverse nested
- Sampler
- Significant terms
- Significant text
- Terms
- Variable width histogram
- Subtleties of bucketing range fields
- Metrics aggregations
- Pipeline aggregations
- Bucket aggregations
- EQL
- SQL access
- Overview
- Getting Started with SQL
- Conventions and Terminology
- Security
- SQL REST API
- SQL Translate API
- SQL CLI
- SQL JDBC
- SQL ODBC
- SQL Client Applications
- SQL Language
- Functions and Operators
- Comparison Operators
- Logical Operators
- Math Operators
- Cast Operators
- LIKE and RLIKE Operators
- Aggregate Functions
- Grouping Functions
- Date/Time and Interval Functions and Operators
- Full-Text Search Functions
- Mathematical Functions
- String Functions
- Type Conversion Functions
- Geo Functions
- Conditional Functions And Expressions
- System Functions
- Reserved keywords
- SQL Limitations
- Scripting
- Data management
- ILM: Manage the index lifecycle
- Overview
- Concepts
- Automate rollover
- Manage Filebeat time-based indices
- Index lifecycle actions
- Configure a lifecycle policy
- Migrate index allocation filters to node roles
- Resolve lifecycle policy execution errors
- Start and stop index lifecycle management
- Manage existing indices
- Skip rollover
- Restore a managed data stream or index
- Monitor a cluster
- Frozen indices
- Roll up or transform your data
- Set up a cluster for high availability
- Snapshot and restore
- Secure a cluster
- Overview
- Configuring security
- User authentication
- Built-in users
- Internal users
- Token-based authentication services
- Realms
- Realm chains
- Active Directory user authentication
- File-based user authentication
- LDAP user authentication
- Native user authentication
- OpenID Connect authentication
- PKI user authentication
- SAML authentication
- Kerberos authentication
- Integrating with other authentication systems
- Enabling anonymous access
- Controlling the user cache
- Configuring SAML single-sign-on on the Elastic Stack
- Configuring single sign-on to the Elastic Stack using OpenID Connect
- User authorization
- Built-in roles
- Defining roles
- Granting access to Stack Management features
- Security privileges
- Document level security
- Field level security
- Granting privileges for data streams and index aliases
- Mapping users and groups to roles
- Setting up field and document level security
- Submitting requests on behalf of other users
- Configuring authorization delegation
- Customizing roles and authorization
- Enabling audit logging
- Encrypting communications
- Restricting connections with IP filtering
- Cross cluster search, clients, and integrations
- Tutorial: Getting started with security
- Tutorial: Encrypting communications
- Troubleshooting
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Common Kerberos exceptions
- Common SAML issues
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- Failures due to relocation of the configuration files
- Limitations
- Watch for cluster and index events
- Command line tools
- How To
- Glossary of terms
- REST APIs
- API conventions
- Compact and aligned text (CAT) APIs
- cat aliases
- cat allocation
- cat anomaly detectors
- cat count
- cat data frame analytics
- cat datafeeds
- cat fielddata
- cat health
- cat indices
- cat master
- cat nodeattrs
- cat nodes
- cat pending tasks
- cat plugins
- cat recovery
- cat repositories
- cat segments
- cat shards
- cat snapshots
- cat task management
- cat templates
- cat thread pool
- cat trained model
- cat transforms
- Cluster APIs
- Cluster allocation explain
- Cluster get settings
- Cluster health
- Cluster reroute
- Cluster state
- Cluster stats
- Cluster update settings
- Nodes feature usage
- Nodes hot threads
- Nodes info
- Nodes reload secure settings
- Nodes stats
- Pending cluster tasks
- Remote cluster info
- Task management
- Voting configuration exclusions
- Cross-cluster replication APIs
- Data stream APIs
- Document APIs
- Enrich APIs
- Graph explore API
- Index APIs
- Add index alias
- Analyze
- Clear cache
- Clone index
- Close index
- Create index
- Delete index
- Delete index alias
- Delete component template
- Delete index template
- Delete index template (legacy)
- Flush
- Force merge
- Freeze index
- Get component template
- Get field mapping
- Get index
- Get index alias
- Get index settings
- Get index template
- Get index template (legacy)
- Get mapping
- Index alias exists
- Index exists
- Index recovery
- Index segments
- Index shard stores
- Index stats
- Index template exists (legacy)
- Open index
- Put index template
- Put index template (legacy)
- Put component template
- Put mapping
- Refresh
- Rollover index
- Shrink index
- Simulate index
- Simulate template
- Split index
- Synced flush
- Type exists
- Unfreeze index
- Update index alias
- Update index settings
- Resolve index
- List dangling indices
- Import dangling index
- Delete dangling index
- Index lifecycle management APIs
- Ingest APIs
- Info API
- Licensing APIs
- Machine learning anomaly detection APIs
- Add events to calendar
- Add jobs to calendar
- Close jobs
- Create jobs
- Create calendars
- Create datafeeds
- Create filters
- Delete calendars
- Delete datafeeds
- Delete events from calendar
- Delete filters
- Delete forecasts
- Delete jobs
- Delete jobs from calendar
- Delete model snapshots
- Delete expired data
- Estimate model memory
- Find file structure
- Flush jobs
- Forecast jobs
- Get buckets
- Get calendars
- Get categories
- Get datafeeds
- Get datafeed statistics
- Get influencers
- Get jobs
- Get job statistics
- Get machine learning info
- Get model snapshots
- Get overall buckets
- Get scheduled events
- Get filters
- Get records
- Open jobs
- Post data to jobs
- Preview datafeeds
- Revert model snapshots
- Set upgrade mode
- Start datafeeds
- Stop datafeeds
- Update datafeeds
- Update filters
- Update jobs
- Update model snapshots
- Machine learning data frame analytics APIs
- Create data frame analytics jobs
- Create trained models
- Update data frame analytics jobs
- Delete data frame analytics jobs
- Delete trained models
- Evaluate data frame analytics
- Explain data frame analytics
- Get data frame analytics jobs
- Get data frame analytics jobs stats
- Get trained models
- Get trained models stats
- Start data frame analytics jobs
- Stop data frame analytics jobs
- Migration APIs
- Reload search analyzers API
- Repositories metering APIs
- Rollup APIs
- Search APIs
- Searchable snapshots APIs
- Security APIs
- Authenticate
- Change passwords
- Clear cache
- Clear roles cache
- Clear privileges cache
- Clear API key cache
- Create API keys
- Create or update application privileges
- Create or update role mappings
- Create or update roles
- Create or update users
- Delegate PKI authentication
- Delete application privileges
- Delete role mappings
- Delete roles
- Delete users
- Disable users
- Enable users
- Get API key information
- Get application privileges
- Get builtin privileges
- Get role mappings
- Get roles
- Get token
- Get users
- Grant API keys
- Has privileges
- Invalidate API key
- Invalidate token
- OpenID Connect prepare authentication
- OpenID Connect authenticate
- OpenID Connect logout
- SAML prepare authentication
- SAML authenticate
- SAML logout
- SAML invalidate
- SSL certificate
- Snapshot and restore APIs
- Snapshot lifecycle management APIs
- Transform APIs
- Usage API
- Watcher APIs
- Definitions
- Migration guide
- Release notes
- Elasticsearch version 7.10.2
- Elasticsearch version 7.10.1
- Elasticsearch version 7.10.0
- Elasticsearch version 7.9.3
- Elasticsearch version 7.9.2
- Elasticsearch version 7.9.1
- Elasticsearch version 7.9.0
- Elasticsearch version 7.8.1
- Elasticsearch version 7.8.0
- Elasticsearch version 7.7.1
- Elasticsearch version 7.7.0
- Elasticsearch version 7.6.2
- Elasticsearch version 7.6.1
- Elasticsearch version 7.6.0
- Elasticsearch version 7.5.2
- Elasticsearch version 7.5.1
- Elasticsearch version 7.5.0
- Elasticsearch version 7.4.2
- Elasticsearch version 7.4.1
- Elasticsearch version 7.4.0
- Elasticsearch version 7.3.2
- Elasticsearch version 7.3.1
- Elasticsearch version 7.3.0
- Elasticsearch version 7.2.1
- Elasticsearch version 7.2.0
- Elasticsearch version 7.1.1
- Elasticsearch version 7.1.0
- Elasticsearch version 7.0.0
- Elasticsearch version 7.0.0-rc2
- Elasticsearch version 7.0.0-rc1
- Elasticsearch version 7.0.0-beta1
- Elasticsearch version 7.0.0-alpha2
- Elasticsearch version 7.0.0-alpha1
- Dependencies and versions
Create data frame analytics jobs API
editCreate data frame analytics jobs API
editInstantiates a data frame analytics job.
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Request
editPUT _ml/data_frame/analytics/<data_frame_analytics_id>
Prerequisites
editIf the Elasticsearch security features are enabled, you must have the following built-in roles and privileges:
-
machine_learning_admin
-
source indices:
read
,view_index_metadata
-
destination index:
read
,create_index
,manage
andindex
For more information, see Built-in roles, Security privileges, and Machine learning security privileges.
The data frame analytics job remembers which roles the user who created it had at the time of creation. When you start the job, it performs the analysis using those same roles. If you provide secondary authorization headers, those credentials are used instead.
Description
editThis API creates a data frame analytics job that performs an analysis on the source indices and stores the outcome in a destination index.
If the destination index does not exist, it is created automatically when you start the job. See Start data frame analytics jobs.
If you supply only a subset of the regression or classification parameters, hyperparameter optimization occurs. It determines a value for each of the undefined parameters.
Path parameters
edit-
<data_frame_analytics_id>
- (Required, string) Identifier for the data frame analytics job. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.
Request body
edit-
allow_lazy_start
-
(Optional, Boolean)
Specifies whether this job can start when there is insufficient machine learning node
capacity for it to be immediately assigned to a node. The default is
false
; if a machine learning node with capacity to run the job cannot immediately be found, the Start data frame analytics jobs API returns an error. However, this is also subject to the cluster-widexpack.ml.max_lazy_ml_nodes
setting. See Advanced machine learning settings. If this option is set totrue
, the API does not return an error and the job waits in thestarting
state until sufficient machine learning node capacity is available.
-
analysis
-
(Required, object) The analysis configuration, which contains the information necessary to perform one of the following types of analysis: classification, outlier detection, or regression.
Properties of
analysis
-
classification
-
(Required*, object) The configuration information necessary to perform classification.
Advanced parameters are for fine-tuning classification analysis. They are set automatically by hyperparameter optimization to give the minimum validation error. It is highly recommended to use the default values unless you fully understand the function of these parameters.
Properties of
classification
-
class_assignment_objective
-
(Optional, string)
Defines the objective to optimize when assigning class labels:
maximize_accuracy
ormaximize_minimum_recall
. When maximizing accuracy, class labels are chosen to maximize the number of correct predictions. When maximizing minimum recall, labels are chosen to maximize the minimum recall for any class. Defaults tomaximize_minimum_recall
. -
dependent_variable
-
(Required, string)
Defines which field of the document is to be predicted. This parameter is supplied by field name and must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable.
The data type of the field must be numeric (
integer
,short
,long
,byte
), categorical (ip
orkeyword
), or boolean. There must be no more than 30 different values in this field. -
eta
- (Optional, double) Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, the smaller the value the longer the training will take. For more information, about shrinkage, see this wiki article. By default, this value is calcuated during hyperparameter optimization.
-
feature_bag_fraction
- (Optional, double) Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
-
feature_processors
-
(Optional, list) Advanced configuration option. A collection of feature preprocessors that modify one or more included fields. The analysis uses the resulting one or more features instead of the original document field. Multiple
feature_processors
entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Only use this if you want to override the automatic feature encoding of the specified fields. Refer to data frame analytics feature processors to learn more.Properties of
feature_processors
-
frequency_encoding
-
(object) The configuration information necessary to perform frequency encoding.
Properties of
frequency_encoding
-
feature_name
- (Required, string) The resulting feature name.
-
field
- (Required, string) The name of the field to encode.
-
frequency_map
-
(Required, object)
The resulting frequency map for the field value. If the field value is missing
from the
frequency_map
, the resulting value is0
.
-
-
n_gram_encoding
-
(object) The configuration information necessary to perform n-gram encoding. Features written out by this encoder have the following name format:
<feature_prefix>.<ngram><string position>
. For example, if thefeature_prefix
isf
, the feature name for the second unigram in a string isf.11
.Properties of
n_gram_encoding
-
feature_prefix
-
(Optional, string)
The feature name prefix. Defaults to
ngram_<start>_<length>
. -
field
- (Required, string) The name of the text field to encode.
-
length
-
(Optional, integer)
Specifies the length of the n-gram substring. Defaults to
50
. Must be greater than0
. -
n_grams
- (Required, array) Specifies which n-grams to gather. It’s an array of integer values where the minimum value is 1, and a maximum value is 5.
-
start
-
(Optional, integer)
Specifies the zero-indexed start of the n-gram substring. Negative values are
allowed for encoding n-grams of string suffixes. Defaults to
0
.
-
-
one_hot_encoding
-
(object) The configuration information necessary to perform one hot encoding.
Properties of
one_hot_encoding
-
field
- (Required, string) The name of the field to encode.
-
hot_map
- (Required, string) The one hot map mapping the field value with the column name.
-
-
target_mean_encoding
-
(object) The configuration information necessary to perform target mean encoding.
Properties of
target_mean_encoding
-
default_value
-
(Required, integer)
The default value if field value is not found in the
target_map
. -
feature_name
- (Required, string) The resulting feature name.
-
field
- (Required, string) The name of the field to encode.
-
target_map
- (Required, object) The field value to target mean transition map.
-
-
-
gamma
- (Optional, double) Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. The higher the value the more training will prefer smaller trees. The smaller this parameter the larger individual trees will be and the longer training will take. By default, this value is calculated during hyperparameter optimization.
-
lambda
- (Optional, double) Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularisation term which applies to leaf weights of the individual trees in the forest. The higher the value the more training will attempt to keep leaf weights small. This makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. The smaller this parameter the larger individual trees will be and the longer training will take. By default, this value is calculated during hyperparameter optimization.
-
max_trees
- (Optional, integer) Advanced configuration option. Defines the maximum number of trees the forest is allowed to contain. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
-
num_top_classes
-
(Optional, integer) Defines the number of categories for which the predicted probabilities are reported. It must be non-negative or -1. If it is -1 or greater than the total number of categories, probabilities are reported for all categories; if you have a large number of categories, there could be a significant effect on the size of your destination index. Defaults to 2.
To use the AUC ROC evaluation method,
num_top_classes
must be set to-1
or a value greater than or equal to the total number of categories. -
num_top_feature_importance_values
- (Optional, integer) Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, it is zero and no feature importance calculation occurs.
-
prediction_field_name
-
(Optional, string)
Defines the name of the prediction field in the results.
Defaults to
<dependent_variable>_prediction
. -
randomize_seed
-
(Optional, long)
Defines the seed to the random generator that is used to pick
which documents will be used for training. By default it is randomly generated.
Set it to a specific value to ensure the same documents are used for training
assuming other related parameters (e.g.
source
,analyzed_fields
, etc.) are the same. -
training_percent
-
(Optional, integer)
Defines what percentage of the eligible documents that will
be used for training. Documents that are ignored by the analysis (for example
those that contain arrays with more than one value) won’t be included in the
calculation for used percentage. Defaults to
100
.
-
-
outlier_detection
-
(Required*, object) The configuration information necessary to perform outlier detection:
Properties of
outlier_detection
-
compute_feature_influence
-
(Optional, Boolean)
Specifies whether the feature influence calculation is enabled. Defaults to
true
. -
feature_influence_threshold
-
(Optional, double)
The minimum outlier score that a document needs to have to calculate its feature
influence score. Value range: 0-1 (
0.1
by default). -
method
-
(Optional, string)
The method that outlier detection uses. Available methods are
lof
,ldof
,distance_kth_nn
,distance_knn
, andensemble
. The default value isensemble
, which means that outlier detection uses an ensemble of different methods and normalises and combines their individual outlier scores to obtain the overall outlier score. -
n_neighbors
- (Optional, integer) Defines the value for how many nearest neighbors each method of outlier detection uses to calculate its outlier score. When the value is not set, different values are used for different ensemble members. This deafault behavior helps improve the diversity in the ensemble; only override it if you are confident that the value you choose is appropriate for the data set.
-
outlier_fraction
- (Optional, double) The proportion of the data set that is assumed to be outlying prior to outlier detection. For example, 0.05 means it is assumed that 5% of values are real outliers and 95% are inliers.
-
standardization_enabled
-
(Optional, Boolean)
If
true
, the following operation is performed on the columns before computing outlier scores: (x_i - mean(x_i)) / sd(x_i). Defaults totrue
. For more information about this concept, see Wikipedia.
-
-
regression
-
(Required*, object) The configuration information necessary to perform regression.
Advanced parameters are for fine-tuning regression analysis. They are set automatically by hyperparameter optimization to give minimum validation error. It is highly recommended to use the default values unless you fully understand the function of these parameters.
Properties of
regression
-
dependent_variable
-
(Required, string)
Defines which field of the document is to be predicted. This parameter is supplied by field name and must match one of the fields in the index being used to train. If this field is missing from a document, then that document will not be used for training, but a prediction with the trained model will be generated for it. It is also known as continuous target variable.
The data type of the field must be numeric.
-
eta
- (Optional, double) Advanced configuration option. The shrinkage applied to the weights. Smaller values result in larger forests which have a better generalization error. However, the smaller the value the longer the training will take. For more information, about shrinkage, see this wiki article. By default, this value is calcuated during hyperparameter optimization.
-
feature_bag_fraction
- (Optional, double) Advanced configuration option. Defines the fraction of features that will be used when selecting a random bag for each candidate split. By default, this value is calculated during hyperparameter optimization.
-
feature_processors
-
(Optional, list)
Advanced configuration option.
A collection of feature preprocessors that modify one or more included fields.
The analysis uses the resulting one or more features instead of the
original document field. Multiple
feature_processors
entries can refer to the same document fields. Automatic categorical feature encoding still occurs for the fields that are unprocessed by a custom processor or that have categorical values. Only use this if you want to override the automatic feature encoding of the specified fields. Refer to data frame analytics feature processors to learn more. -
gamma
- (Optional, double) Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies a linear penalty associated with the size of individual trees in the forest. The higher the value the more training will prefer smaller trees. The smaller this parameter the larger individual trees will be and the longer training will take. By default, this value is calculated during hyperparameter optimization.
-
lambda
- (Optional, double) Advanced configuration option. Regularization parameter to prevent overfitting on the training data set. Multiplies an L2 regularisation term which applies to leaf weights of the individual trees in the forest. The higher the value the more training will attempt to keep leaf weights small. This makes the prediction function smoother at the expense of potentially not being able to capture relevant relationships between the features and the dependent variable. The smaller this parameter the larger individual trees will be and the longer training will take. By default, this value is calculated during hyperparameter optimization.
-
loss_function
-
(Optional, string)
The loss function used during regression. Available options are
mse
(mean squared error),msle
(mean squared logarithmic error),huber
(Pseudo-Huber loss). Defaults tomse
. Refer to Loss functions for regression analyses to learn more. -
loss_function_parameter
-
(Optional, double)
A positive number that is used as a parameter to the
loss_function
. -
max_trees
- (Optional, integer) Advanced configuration option. Defines the maximum number of trees the forest is allowed to contain. The maximum value is 2000. By default, this value is calculated during hyperparameter optimization.
-
num_top_feature_importance_values
- (Optional, integer) Advanced configuration option. Specifies the maximum number of feature importance values per document to return. By default, it is zero and no feature importance calculation occurs.
-
prediction_field_name
-
(Optional, string)
Defines the name of the prediction field in the results.
Defaults to
<dependent_variable>_prediction
. -
randomize_seed
-
(Optional, long)
Defines the seed to the random generator that is used to pick
which documents will be used for training. By default it is randomly generated.
Set it to a specific value to ensure the same documents are used for training
assuming other related parameters (e.g.
source
,analyzed_fields
, etc.) are the same. -
training_percent
-
(Optional, integer)
Defines what percentage of the eligible documents that will
be used for training. Documents that are ignored by the analysis (for example
those that contain arrays with more than one value) won’t be included in the
calculation for used percentage. Defaults to
100
.
-
-
-
analyzed_fields
-
(Optional, object) Specify
includes
and/orexcludes
patterns to select which fields will be included in the analysis. The patterns specified inexcludes
are applied last, thereforeexcludes
takes precedence. In other words, if the same field is specified in bothincludes
andexcludes
, then the field will not be included in the analysis.The supported fields for each type of analysis are as follows:
-
Outlier detection requires numeric or boolean data to analyze. The algorithms
don’t support missing values therefore fields that have data types other than
numeric or boolean are ignored. Documents where included fields contain missing
values, null values, or an array are also ignored. Therefore the
dest
index may contain documents that don’t have an outlier score. -
Regression supports fields that are numeric,
boolean
,text
,keyword
, andip
. It is also tolerant of missing values. Fields that are supported are included in the analysis, other fields are ignored. Documents where included fields contain an array with two or more values are also ignored. Documents in thedest
index that don’t contain a results field are not included in the regression analysis. -
Classification supports fields that are numeric,
boolean
,text
,keyword
, andip
. It is also tolerant of missing values. Fields that are supported are included in the analysis, other fields are ignored. Documents where included fields contain an array with two or more values are also ignored. Documents in thedest
index that don’t contain a results field are not included in the classification analysis. Classification analysis can be improved by mapping ordinal variable values to a single number. For example, in case of age ranges, you can model the values as "0-14" = 0, "15-24" = 1, "25-34" = 2, and so on.
If
analyzed_fields
is not set, only the relevant fields will be included. For example, all the numeric fields for outlier detection. For more information about field selection, see Explain data frame analytics.Properties of
analyzed_fields
-
excludes
-
(Optional, array)
An array of strings that defines the fields that will be excluded from the
analysis. You do not need to add fields with unsupported data types to
excludes
, these fields are excluded from the analysis automatically. -
includes
- (Optional, array) An array of strings that defines the fields that will be included in the analysis.
-
Outlier detection requires numeric or boolean data to analyze. The algorithms
don’t support missing values therefore fields that have data types other than
numeric or boolean are ignored. Documents where included fields contain missing
values, null values, or an array are also ignored. Therefore the
-
description
- (Optional, string) A description of the job.
-
dest
-
(Required, object) The destination configuration, consisting of
index
and optionallyresults_field
(ml
by default).Properties of
dest
-
index
- (Required, string) Defines the destination index to store the results of the data frame analytics job.
-
results_field
-
(Optional, string) Defines the name of the field in which to store the results
of the analysis. Defaults to
ml
.
-
-
max_num_threads
-
(Optional, integer)
The maximum number of threads to be used by the analysis.
The default value is
1
. Using more threads may decrease the time necessary to complete the analysis at the cost of using more CPU. Note that the process may use additional threads for operational functionality other than the analysis itself. -
model_memory_limit
-
(Optional, string)
The approximate maximum amount of memory resources that are permitted for
analytical processing. The default value for data frame analytics jobs is
1gb
. If yourelasticsearch.yml
file contains anxpack.ml.max_model_memory_limit
setting, an error occurs when you try to create data frame analytics jobs that havemodel_memory_limit
values greater than that setting. For more information, see Machine learning settings. -
source
-
(object) The configuration of how to source the analysis data. It requires an
index
. Optionally,query
and_source
may be specified.Properties of
source
-
index
-
(Required, string or array) Index or indices on which to perform the analysis. It can be a single index or index pattern as well as an array of indices or patterns.
If your source indices contain documents with the same IDs, only the document that is indexed last appears in the destination index.
-
query
-
(Optional, object) The Elasticsearch query domain-specific language (DSL).
This value corresponds to the query object in an Elasticsearch search POST body. All the
options that are supported by Elasticsearch can be used, as this object is passed
verbatim to Elasticsearch. By default, this property has the following value:
{"match_all": {}}
. -
_source
-
(Optional, object) Specify
includes
and/orexcludes
patterns to select which fields will be present in the destination. Fields that are excluded cannot be included in the analysis.Properties of
_source
-
includes
- (array) An array of strings that defines the fields that will be included in the destination.
-
excludes
- (array) An array of strings that defines the fields that will be excluded from the destination.
-
-
Examples
editPreprocessing actions example
editThe following example shows how to limit the scope of the analysis to certain fields, specify excluded fields in the destination index, and use a query to filter your data before analysis.
PUT _ml/data_frame/analytics/model-flight-delays-pre { "source": { "index": [ "kibana_sample_data_flights" ], "query": { "range": { "DistanceKilometers": { "gt": 0 } } }, "_source": { "includes": [], "excludes": [ "FlightDelay", "FlightDelayType" ] } }, "dest": { "index": "df-flight-delays", "results_field": "ml-results" }, "analysis": { "regression": { "dependent_variable": "FlightDelayMin", "training_percent": 90 } }, "analyzed_fields": { "includes": [], "excludes": [ "FlightNum" ] }, "model_memory_limit": "100mb" }
Source index to analyze. |
|
This query filters out entire documents that will not be present in the destination index. |
|
The |
|
Defines the destination index that contains the results of the analysis and
the fields of the source index specified in the |
|
Specifies fields to be included in or excluded from the analysis. This does not affect whether the fields will be present in the destination index, only affects whether they are used in the analysis. |
In this example, we can see that all the fields of the source index are included
in the destination index except FlightDelay
and FlightDelayType
because
these are defined as excluded fields by the excludes
parameter of the
_source
object. The FlightNum
field is included in the destination index,
however it is not included in the analysis because it is explicitly specified as
excluded field by the excludes
parameter of the analyzed_fields
object.
Outlier detection example
editThe following example creates the loganalytics
data frame analytics job, the analysis
type is outlier_detection
:
PUT _ml/data_frame/analytics/loganalytics { "description": "Outlier detection on log data", "source": { "index": "logdata" }, "dest": { "index": "logdata_out" }, "analysis": { "outlier_detection": { "compute_feature_influence": true, "outlier_fraction": 0.05, "standardization_enabled": true } } }
The API returns the following result:
{ "id": "loganalytics", "description": "Outlier detection on log data", "source": { "index": ["logdata"], "query": { "match_all": {} } }, "dest": { "index": "logdata_out", "results_field": "ml" }, "analysis": { "outlier_detection": { "compute_feature_influence": true, "outlier_fraction": 0.05, "standardization_enabled": true } }, "model_memory_limit": "1gb", "create_time" : 1562265491319, "version" : "7.6.0", "allow_lazy_start" : false, "max_num_threads": 1 }
Regression examples
editThe following example creates the house_price_regression_analysis
data frame analytics job, the analysis type is regression
:
PUT _ml/data_frame/analytics/house_price_regression_analysis { "source": { "index": "houses_sold_last_10_yrs" }, "dest": { "index": "house_price_predictions" }, "analysis": { "regression": { "dependent_variable": "price" } } }
The API returns the following result:
{ "id" : "house_price_regression_analysis", "source" : { "index" : [ "houses_sold_last_10_yrs" ], "query" : { "match_all" : { } } }, "dest" : { "index" : "house_price_predictions", "results_field" : "ml" }, "analysis" : { "regression" : { "dependent_variable" : "price", "training_percent" : 100 } }, "model_memory_limit" : "1gb", "create_time" : 1567168659127, "version" : "8.0.0", "allow_lazy_start" : false }
The following example creates a job and specifies a training percent:
PUT _ml/data_frame/analytics/student_performance_mathematics_0.3 { "source": { "index": "student_performance_mathematics" }, "dest": { "index":"student_performance_mathematics_reg" }, "analysis": { "regression": { "dependent_variable": "G3", "training_percent": 70, "randomize_seed": 19673948271 } } }
The percentage of the data set that is used for training the model. |
|
The seed that is used to randomly pick which data is used for training. |
The following example uses custom feature processors to transform the
categorical values for DestWeather
into numerical values using one-hot,
target-mean, and frequency encoding techniques:
PUT _ml/data_frame/analytics/flight_prices { "source": { "index": [ "kibana_sample_data_flights" ] }, "dest": { "index": "kibana_sample_flight_prices" }, "analysis": { "regression": { "dependent_variable": "AvgTicketPrice", "num_top_feature_importance_values": 2, "feature_processors": [ { "frequency_encoding": { "field": "DestWeather", "feature_name": "DestWeather_frequency", "frequency_map": { "Rain": 0.14604811155570188, "Heavy Fog": 0.14604811155570188, "Thunder & Lightning": 0.14604811155570188, "Cloudy": 0.14604811155570188, "Damaging Wind": 0.14604811155570188, "Hail": 0.14604811155570188, "Sunny": 0.14604811155570188, "Clear": 0.14604811155570188 } } }, { "target_mean_encoding": { "field": "DestWeather", "feature_name": "DestWeather_targetmean", "target_map": { "Rain": 626.5588814585794, "Heavy Fog": 626.5588814585794, "Thunder & Lightning": 626.5588814585794, "Hail": 626.5588814585794, "Damaging Wind": 626.5588814585794, "Cloudy": 626.5588814585794, "Clear": 626.5588814585794, "Sunny": 626.5588814585794 }, "default_value": 624.0249512020454 } }, { "one_hot_encoding": { "field": "DestWeather", "hot_map": { "Rain": "DestWeather_Rain", "Heavy Fog": "DestWeather_Heavy Fog", "Thunder & Lightning": "DestWeather_Thunder & Lightning", "Cloudy": "DestWeather_Cloudy", "Damaging Wind": "DestWeather_Damaging Wind", "Hail": "DestWeather_Hail", "Clear": "DestWeather_Clear", "Sunny": "DestWeather_Sunny" } } } ] } }, "analyzed_fields": { "includes": [ "AvgTicketPrice", "Cancelled", "DestWeather", "FlightDelayMin", "DistanceMiles" ] }, "model_memory_limit": "30mb" }
These custom feature processors are optional; automatic feature encoding still occurs for all categorical features.
Classification example
editThe following example creates the loan_classification
data frame analytics job, the
analysis type is classification
:
PUT _ml/data_frame/analytics/loan_classification { "source" : { "index": "loan-applicants" }, "dest" : { "index": "loan-applicants-classified" }, "analysis" : { "classification": { "dependent_variable": "label", "training_percent": 75, "num_top_classes": 2 } } }
On this page