WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Get Categories
The get categories API enables you to retrieve job results for one or more categories.
Request
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>
Description
For more information about categories, see Categorizing log messages.
Path Parameters
job_id
- (string) Identifier for the job.
category_id
- (long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.
Request Body
page
- from
  - (integer) Skips the specified number of categories.
- size
  - (integer) Specifies the maximum number of categories to obtain.
Results
The API returns the following information:
categories
- (array) An array of category objects. For more information, see Categories.
Authorization
You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.
Examples
The following example gets information about one category for the it_ops_new_logs job:
GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories
{
  "page":{
    "size": 1
  }
}
In this example, the API returns the following information:
{
  "count": 11,
  "categories": [
    {
      "job_id": "it_ops_new_logs",
      "category_id": 1,
      "terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com",
      "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
      "max_matching_length": 137,
      "examples": [
        "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
      ]
    }
  ]
}
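One way to put the returned regex and max_matching_length fields to work is to sort log lines into those that match a known category and those that match none, which are the ones worth reviewing. The following is an added example, not part of the Elastic documentation or code; the function names and the extra sample lines are constructed here, and it assumes that the returned regex is also valid Python regex syntax and that max_matching_length can be used as an upper bound on message length.

```python
import re

# Category object from the response above, trimmed to the fields used here.
RESPONSE = {
    "count": 11,
    "categories": [{
        "job_id": "it_ops_new_logs",
        "category_id": 1,
        "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
        "max_matching_length": 137,
    }],
}

# The example message from the response, plus two constructed log lines.
EXAMPLE = ("Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;"
           "physicalhost=esxserver1.acme.com;vmhost=app1.acme.com")
SAMPLE = [
    EXAMPLE,
    EXAMPLE + ";pad=" + "x" * 40,  # constructed: matches the regex but is too long
    "Login failed for user admin;hostname=dbserver.acme.com",  # constructed
]


def compile_categories(response):
    """Turn each category object into (category_id, pattern, max_len)."""
    compiled = []
    for cat in response["categories"]:
        # DOTALL lets '.' span embedded newlines in multi-line messages.
        pattern = re.compile(cat["regex"], re.DOTALL)
        compiled.append((cat["category_id"], pattern, cat["max_matching_length"]))
    return compiled


def classify(message, compiled):
    """Return the category_id of the first matching category, else None."""
    for category_id, pattern, max_len in compiled:
        # Assumption: messages longer than max_matching_length are not members.
        if len(message) <= max_len and pattern.fullmatch(message):
            return category_id
    return None


def uncategorized(messages, response):
    """Messages that match none of the returned categories."""
    compiled = compile_categories(response)
    return [m for m in messages if classify(m, compiled) is None]


if __name__ == "__main__":
    for line in uncategorized(SAMPLE, RESPONSE):
        print("no category:", line[:70])
```

To cover every category in a job rather than the single one shown, fetch the remaining pages with the from and size parameters until count categories have been collected.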