IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get calendars API Get overall buckets API »
Elastic Docs Elasticsearch Guide [7.2] X-Pack APIs Machine learning APIs

Get buckets API

edit

Get buckets API

edit

Retrieves anomaly detection job results for one or more buckets.

Request

edit

GET _ml/anomaly_detectors/<job_id>/results/buckets

GET _ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>

Prerequisites

edit
  • You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.

Description

edit

The get buckets API presents a chronological view of the records, grouped by bucket.

Path parameters

edit
<job_id>
(Required, string) Identifier for the anomaly detection job.
timestamp
(string) The timestamp of a single bucket result. If you do not specify this optional parameter, the API returns information about all buckets.

Request body

edit
anomaly_score
(double) Returns buckets with anomaly scores greater or equal than this value.
desc
(boolean) If true, the buckets are sorted in descending order.
end
(string) Returns buckets with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
expand
(boolean) If true, the output includes anomaly records.
page
from
(integer) Skips the specified number of buckets.
size
(integer) Specifies the maximum number of buckets to obtain.
sort
(string) Specifies the sort field for the requested buckets. By default, the buckets are sorted by the timestamp field.
start
(string) Returns buckets with timestamps after this time.

Response body

edit

The API returns the following information:

buckets
(array) An array of bucket objects. For more information, see Buckets.

Examples

edit

The following example gets bucket information for the it-ops-kpi job:

GET _ml/anomaly_detectors/it-ops-kpi/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}

In this example, the API returns a single result that matches the specified score and time constraints:

{
  "count": 1,
  "buckets": [
    {
      "job_id": "it-ops-kpi",
      "timestamp": 1454943900000,
      "anomaly_score": 94.1706,
      "bucket_span": 300,
      "initial_anomaly_score": 94.1706,
      "event_count": 153,
      "is_interim": false,
      "bucket_influencers": [
        {
          "job_id": "it-ops-kpi",
          "result_type": "bucket_influencer",
          "influencer_field_name": "bucket_time",
          "initial_anomaly_score": 94.1706,
          "anomaly_score": 94.1706,
          "raw_anomaly_score": 2.32119,
          "probability": 0.00000575042,
          "timestamp": 1454943900000,
          "bucket_span": 300,
          "is_interim": false
        }
      ],
      "processing_time_ms": 2,
      "partition_scores": [],
      "result_type": "bucket"
    }
  ]
}
« Get calendars API Get overall buckets API »