- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Installing X-Pack
- Migrating to X-Pack
- Breaking Changes
- Securing Elasticsearch and Kibana
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Reporting from Kibana
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Machine Learning in the Elastic Stack
- X-Pack Settings
- X-Pack APIs
- Info API
- Security APIs
- Watcher APIs
- Graph APIs
- Machine Learning APIs
- Close Jobs
- Create Datafeeds
- Create Jobs
- Delete Datafeeds
- Delete Jobs
- Delete Model Snapshots
- Flush Jobs
- Get Buckets
- Get Categories
- Get Datafeeds
- Get Datafeed Statistics
- Get Influencers
- Get Jobs
- Get Job Statistics
- Get Model Snapshots
- Get Records
- Open Jobs
- Post Data to Jobs
- Preview Datafeeds
- Revert Model Snapshots
- Start Datafeeds
- Stop Datafeeds
- Update Datafeeds
- Update Jobs
- Update Model Snapshots
- Validate Detectors
- Validate Jobs
- Definitions
- Troubleshooting
- Limitations
- License Management
- Release Notes
WARNING: Version 5.4 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Post Data to Jobs
editPost Data to Jobs
editThe post data API enables you to send data to an anomaly detection job for analysis.
Request
editPOST _xpack/ml/anomaly_detectors/<job_id>/_data
Description
editThe job must have a state of open to receive and process the data.
The data that you send to the job must use the JSON format. Multiple JSON
documents can be sent, either adjacent with no separator in between them or
whitespace separated. Newline delimited JSON (NDJSON) is a possible whitespace
separated format, and for this the Content-Type header should be set to
application/x-ndjson.
Upload sizes are limited to the Elasticsearch HTTP receive buffer size (default 100 Mb). If your data is larger, split it into multiple chunks and upload each one separately in sequential time order. When running in real time, it is generally recommended that you perform many small uploads, rather than queueing data to upload larger files.
When uploading data, check the job data counts for progress. The following records will not be processed:
- Records not in chronological order and outside the latency window
- Records with an invalid timestamp
For each job, data can only be accepted from a single connection at a time. It is not currently possible to post data to multiple jobs using wildcards or a comma-separated list.
Path Parameters
edit-
job_id(required) - (string) Identifier for the job
Query Parameters
edit-
reset_start - (string) Specifies the start of the bucket resetting range
-
reset_end - (string) Specifies the end of the bucket resetting range
Request Body
editA sequence of one or more JSON documents containing the data to be analyzed. Only whitespace characters are permitted in between the documents.
Authorization
editYou must have manage_ml, or manage cluster privileges to use this API.
For more information, see Cluster Privileges.
Examples
editThe following example posts data from the it_ops_new_kpi.json file to the it_ops_new_kpi job:
$ curl -s -H "Content-type: application/json" -X POST http:\/\/localhost:9200/_xpack/ml/anomaly_detectors/it_ops_new_kpi/_data --data-binary @it_ops_new_kpi.json
When the data is sent, you receive information about the operational progress of the job. For example:
{ "job_id":"it_ops_new_kpi", "processed_record_count":21435, "processed_field_count":64305, "input_bytes":2589063, "input_field_count":85740, "invalid_date_count":0, "missing_field_count":0, "out_of_order_timestamp_count":0, "empty_bucket_count":16, "sparse_bucket_count":0, "bucket_count":2165, "earliest_record_timestamp":1454020569000, "latest_record_timestamp":1455318669000, "last_data_time":1491952300658, "latest_empty_bucket_timestamp":1454541600000, "input_record_count":21435 }
For more information about these properties, see Job Stats.