WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Get Records
The get records API enables you to retrieve anomaly records for a job.
Request
GET _xpack/ml/anomaly_detectors/<job_id>/results/records
Path Parameters
job_id
    (string) Identifier for the job.
Request Body
desc
    (boolean) If true, the results are sorted in descending order.
end
    (string) Returns records with timestamps earlier than this time.
exclude_interim
    (boolean) If true, the output excludes interim results. By default, interim results are included.
page
    from
        (integer) Skips the specified number of records.
    size
        (integer) Specifies the maximum number of records to obtain.
record_score
    (double) Returns records with anomaly scores higher than this value.
sort
    (string) Specifies the sort field for the requested records. By default, the records are sorted by the anomaly_score value.
start
    (string) Returns records with timestamps after this time.
Results
The API returns the following information:
records
    (array) An array of record objects. For more information, see Records.
Authorization
You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.
Examples
The following example gets record information for the it-ops-kpi job:

GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}

In this example, the API returns twelve results for the specified time constraints:

{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "sequence_num": 1,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [ 1806.48 ],
      "actual": [ 288 ],
      "field_name": "events_per_min"
    },
    ...
  ]
}
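The following Python code is an added example, not part of the Elastic documentation: it builds the request body from the parameters described above, excludes interim results, and advances page.from by page.size until a short page comes back. The base URL, the unauthenticated http_send transport and all function names are assumptions, and the data behind fake_send is constructed to stand in for a cluster.

```python
import json
import urllib.parse
import urllib.request

def build_body(offset, size, start=None, end=None, record_score=None):
    """Request body using only the parameters documented on this page."""
    body = {"sort": "record_score", "desc": True, "exclude_interim": True,
            "page": {"from": offset, "size": size}}
    for key, value in (("start", start), ("end", end)):
        if value is not None:
            body[key] = str(value)  # the page's example passes epoch ms as a string
    if record_score is not None:
        body["record_score"] = float(record_score)
    return body

def http_send(path, body, base_url="http://localhost:9200"):
    """Assumed transport: local node, no authentication, GET with a JSON body."""
    req = urllib.request.Request(
        f"{base_url}/{path}", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="GET")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def iter_records(job_id, send=http_send, page_size=100, **filters):
    """Yield all matching records, advancing page.from one page at a time."""
    # Percent-encode the job id so it cannot alter the request path.
    path = "_xpack/ml/anomaly_detectors/%s/results/records" % urllib.parse.quote(job_id, safe="")
    offset = 0
    while True:
        records = send(path, build_body(offset, page_size, **filters)).get("records", [])
        yield from records
        if len(records) < page_size:  # short page: nothing left to fetch
            return
        offset += len(records)

if __name__ == "__main__":
    # Constructed stand-in for a cluster: five records, two of them interim.
    data = [{"record_score": s, "is_interim": i, "timestamp": 1454944200000 + n * 300000}
            for n, (s, i) in enumerate([(72.9, False), (65.1, False), (40.0, True),
                                        (12.5, False), (3.2, True)])]
    def fake_send(path, body):
        hits = [r for r in data if r["record_score"] > body.get("record_score", 0)
                and not (body["exclude_interim"] and r["is_interim"])]
        page = body["page"]
        return {"count": len(hits), "records": hits[page["from"]:page["from"] + page["size"]]}
    for rec in iter_records("it-ops-kpi", send=fake_send, page_size=2, record_score=10):
        print(rec["timestamp"], rec["record_score"])
```

The loop stops on a short page rather than on the count field, so it does not depend on whether count reports the total or only the current page.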