Change point aggregation
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
A sibling pipeline aggregation that detects spikes, dips, and change points in a metric. Given a distribution of values provided by the sibling multi-bucket aggregation, this aggregation indicates the bucket of any spike or dip and/or the bucket at which the largest change in the distribution of values occurs, if they are statistically significant.
Parameters

buckets_path
  (Required, string) Path to the buckets that contain one set of values in which to detect a change point. There must be at least 22 bucketed values. Fewer than 1,000 is preferred. For syntax, see buckets_path Syntax.
Syntax

A change_point aggregation looks like this in isolation:
Response body

bucket
  (Optional, object) Values of the bucket that indicates the discovered change point. Not returned if no change point was found. All the aggregations in the bucket are returned as well.

  Properties of bucket
  - key: (value) The key of the bucket matched. Could be string or numeric.
  - doc_count: (number) The document count of the bucket.

type
  (object) The found change point type and its related values. Possible types:
  - dip: a significant dip occurs at this change point
  - distribution_change: the overall distribution of the values has changed significantly
  - non_stationary: there is no change point, but the values are not from a stationary distribution
  - spike: a significant spike occurs at this point
  - stationary: no change point found
  - step_change: the change indicates a statistically significant step up or down in value distribution
  - trend_change: there is an overall trend change occurring at this point
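
As an added example (not from the Elastic documentation), the Python below builds a search body that runs change_point over hourly document counts and interprets the result using the bucket and type fields described above, including the case where no bucket is returned. The aggregation names per_hour and change, the helper names, and every value in the sample response are assumptions constructed for illustration.

```python
# Added example; per_hour, change, build_search and interpret are hypothetical names.
MIN_BUCKETS = 22       # page: at least 22 bucketed values are required
PREFERRED_MAX = 1000   # page: fewer than 1,000 is preferred
NO_CHANGE = {"stationary", "non_stationary"}
CHANGE = {"dip", "spike", "step_change", "trend_change", "distribution_change"}

def build_search(field="@timestamp", interval="1h"):
    """Search body: a date_histogram and a sibling change_point over its doc counts."""
    return {
        "size": 0,
        "aggs": {
            "per_hour": {"date_histogram": {"field": field, "fixed_interval": interval}},
            "change": {"change_point": {"buckets_path": "per_hour>_count"}},
        },
    }

def interpret(aggs, hist="per_hour", cp="change"):
    """Return (type_name, bucket_key_or_None, warnings) for a change_point result."""
    warnings = []
    n = len(aggs[hist]["buckets"])
    if n < MIN_BUCKETS:
        return ("insufficient_data", None, [f"{n} buckets, need {MIN_BUCKETS}"])
    if n >= PREFERRED_MAX:
        warnings.append(f"{n} buckets, fewer than {PREFERRED_MAX} preferred")
    names = list(aggs[cp].get("type", {}))  # the type object has one key: the type name
    if len(names) != 1 or names[0] not in NO_CHANGE | CHANGE:
        return ("unrecognized", None, warnings + [f"type object keys: {names}"])
    bucket = aggs[cp].get("bucket")  # not returned when no change point was found
    return (names[0], bucket["key"] if bucket else None, warnings)

def sample_response(spike_at=None):
    """Constructed response: 24 hourly buckets of failed-login counts."""
    buckets = [{"key": f"2024-01-01T{h:02d}:00:00.000Z",
                "doc_count": 400 if h == spike_at else 10} for h in range(24)]
    if spike_at is None:
        cp = {"type": {"stationary": {}}}
    else:  # p_value and change_point are constructed "related values"
        cp = {"bucket": buckets[spike_at],
              "type": {"spike": {"p_value": 1e-9, "change_point": spike_at}}}
    return {"per_hour": {"buckets": buckets}, "change": cp}

if __name__ == "__main__":
    print(build_search())
    print(interpret(sample_response(spike_at=20)))
    print(interpret(sample_response()))
```

Checking the histogram bucket count before reading the type keeps a short or overly long series from being reported as "no change".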