Get Records

edit

The get records API enables you to retrieve anomaly records for a job.

Request

edit

GET _xpack/ml/anomaly_detectors/<job_id>/results/records

Path Parameters

edit
job_id
(string) Identifier for the job.

Request Body

edit
desc
(boolean) If true, the results are sorted in descending order.
end
(string) Returns records with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
page
from
(integer) Skips the specified number of records.
size
(integer) Specifies the maximum number of records to obtain.
record_score
(double) Returns records with anomaly scores higher than this value.
sort
(string) Specifies the sort field for the requested records. By default, the records are sorted by the anomaly_score value.
start
(string) Returns records with timestamps after this time.

Results

edit

The API returns the following information:

records
(array) An array of record objects. For more information, see Records.

Authorization

edit

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.

Examples

edit

The following example gets record information for the it-ops-kpi job:

GET _xpack/ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}

In this example, the API returns twelve results for the specified time constraints:

{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "sequence_num": 1,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [
        1806.48
      ],
      "actual": [
        288
      ],
      "field_name": "events_per_min"
    },
  ...
  ]
}