WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Get Buckets Get Datafeeds »
Elastic Docs X-Pack for the Elastic Stack [5.4] X-Pack APIs Machine Learning APIs

Get Categories

edit

Get Categories

edit

The get categories API enables you to retrieve job results for one or more categories.

Request

edit

GET _xpack/ml/anomaly_detectors/<job_id>/results/categories

GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>

Description

edit

For more information about categories, see Categorizing log messages.

Path Parameters

edit
job_id
(string) Identifier for the job.
category_id
(long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.

Request Body

edit
page
from
(integer) Skips the specified number of categories.
size
(integer) Specifies the maximum number of categories to obtain.

Results

edit

The API returns the following information:

categories
(array) An array of category objects. For more information, see Categories.

Authorization

edit

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.

Examples

edit

The following example gets information about one category for the it_ops_new_logs job:

GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories
{
  "page":{
    "size": 1
  }
}

In this example, the API returns the following information:

{
  "count": 11,
  "categories": [
    {
      "job_id": "it_ops_new_logs",
      "category_id": 1,
      "terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com",
      "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
      "max_matching_length": 137,
      "examples": [
        "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
      ]
    }
  ]
}
« Get Buckets Get Datafeeds »