elasticsearch/docs/reference/cat/anomaly-detectors.asciidoc

[role="xpack"]
[[cat-anomaly-detectors]]
=== cat anomaly detectors API
++++
<titleabbrev>cat anomaly detectors</titleabbrev>
++++

[IMPORTANT]
====
cat APIs are only intended for human consumption using the command line or {kib} 
console. They are _not_ intended for use by applications. For application 
consumption, use the 
<<ml-get-job-stats,get anomaly detection job statistics API>>.
====

Returns configuration and usage information about {anomaly-jobs}.

[[cat-anomaly-detectors-request]]
==== {api-request-title}

`GET /_cat/ml/anomaly_detectors/<job_id>` +

`GET /_cat/ml/anomaly_detectors`

[[cat-anomaly-detectors-prereqs]]
==== {api-prereq-title}

* If the {es} {security-features} are enabled, you must have `monitor_ml`,
`monitor`, `manage_ml`, or `manage` cluster privileges to use this API. See
<<security-privileges>> and {ml-docs-setup-privileges}.


[[cat-anomaly-detectors-desc]]
==== {api-description-title}

NOTE: This API returns a maximum of 10,000 jobs.

For more information about {anomaly-detect}, see
{ml-docs}/ml-ad-finding-anomalies.html[Finding anomalies].

[[cat-anomaly-detectors-path-params]]
==== {api-path-parms-title}

`<job_id>`::
(Optional, string)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection]

[[cat-anomaly-detectors-query-params]]
==== {api-query-parms-title}

`allow_no_match`::
(Optional, Boolean)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=allow-no-match-jobs]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=bytes]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=http-format]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=cat-h]
+
If you do not specify which columns to include, the API returns the default
columns. If you explicitly specify one or more columns, it returns only the
specified columns.
+
Valid columns are:

`assignment_explanation`, `ae`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=assignment-explanation-anomaly-jobs]

`buckets.count`, `bc`, `bucketsCount`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-count-anomaly-jobs]

`buckets.time.exp_avg`, `btea`, `bucketsTimeExpAvg`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-time-exponential-average]

`buckets.time.exp_avg_hour`, `bteah`, `bucketsTimeExpAvgHour`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-time-exponential-average-hour]

`buckets.time.max`, `btmax`, `bucketsTimeMax`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-time-maximum]

`buckets.time.min`, `btmin`, `bucketsTimeMin`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-time-minimum]

`buckets.time.total`, `btt`, `bucketsTimeTotal`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-time-total]

`data.buckets`, `db`, `dataBuckets`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-count]

`data.earliest_record`, `der`, `dataEarliestRecord`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=earliest-record-timestamp]

`data.empty_buckets`, `deb`, `dataEmptyBuckets`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=empty-bucket-count]

`data.input_bytes`, `dib`, `dataInputBytes`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=input-bytes]

`data.input_fields`, `dif`, `dataInputFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=input-field-count]

`data.input_records`, `dir`, `dataInputRecords`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=input-record-count]

`data.invalid_dates`, `did`, `dataInvalidDates`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=invalid-date-count]

`data.last`, `dl`, `dataLast`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=last-data-time]

`data.last_empty_bucket`, `dleb`, `dataLastEmptyBucket`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=latest-empty-bucket-timestamp]

`data.last_sparse_bucket`, `dlsb`, `dataLastSparseBucket`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=latest-sparse-record-timestamp]

`data.latest_record`, `dlr`, `dataLatestRecord`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=latest-record-timestamp]

`data.missing_fields`, `dmf`, `dataMissingFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=missing-field-count]

`data.out_of_order_timestamps`, `doot`, `dataOutOfOrderTimestamps`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=out-of-order-timestamp-count]

`data.processed_fields`, `dpf`, `dataProcessedFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=processed-field-count]

`data.processed_records`, `dpr`, `dataProcessedRecords`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=processed-record-count]

`data.sparse_buckets`, `dsb`, `dataSparseBuckets`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=sparse-bucket-count]

`forecasts.memory.avg`, `fmavg`, `forecastsMemoryAvg`:::
The average memory usage in bytes for forecasts related to the {anomaly-job}.
  
`forecasts.memory.max`, `fmmax`, `forecastsMemoryMax`:::
The maximum memory usage in bytes for forecasts related to the {anomaly-job}.

`forecasts.memory.min`, `fmmin`, `forecastsMemoryMin`:::
The minimum memory usage in bytes for forecasts related to the {anomaly-job}.

`forecasts.memory.total`, `fmt`, `forecastsMemoryTotal`:::
The total memory usage in bytes for forecasts related to the {anomaly-job}.                      
  
`forecasts.records.avg`, `fravg`, `forecastsRecordsAvg`:::
The average number of `model_forecast` documents written for forecasts related
to the {anomaly-job}.

`forecasts.records.max`, `frmax`, `forecastsRecordsMax`:::
The maximum number of `model_forecast` documents written for forecasts related
to the {anomaly-job}.

`forecasts.records.min`, `frmin`, `forecastsRecordsMin`:::
The minimum number of `model_forecast` documents written for forecasts related
to the {anomaly-job}.

`forecasts.records.total`, `frt`, `forecastsRecordsTotal`:::
The total number of `model_forecast` documents written for forecasts related to
the {anomaly-job}.                         
                                                   
`forecasts.time.avg`, `ftavg`, `forecastsTimeAvg`:::
The average runtime in milliseconds for forecasts related to the {anomaly-job}.

`forecasts.time.max`, `ftmax`, `forecastsTimeMax`:::
The maximum runtime in milliseconds for  forecasts related to the {anomaly-job}.

`forecasts.time.min`, `ftmin`, `forecastsTimeMin`:::
The minimum runtime in milliseconds for forecasts related to the {anomaly-job}.

`forecasts.time.total`, `ftt`, `forecastsTimeTotal`:::
The total runtime in milliseconds for forecasts related to the {anomaly-job}.

`forecasts.total`, `ft`, `forecastsTotal`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=forecast-total]

`id`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection]

`model.bucket_allocation_failures`, `mbaf`, `modelBucketAllocationFailures`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=bucket-allocation-failures-count]

`model.by_fields`, `mbf`, `modelByFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=total-by-field-count]

`model.bytes`, `mb`, `modelBytes`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-bytes]

`model.bytes_exceeded`, `mbe`, `modelBytesExceeded`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-bytes-exceeded]

`model.categorization_status`, `mcs`, `modelCategorizationStatus`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorization-status]
                         
`model.categorized_doc_count`, `mcdc`, `modelCategorizedDocCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=categorized-doc-count]

`model.dead_category_count`, `mdcc`, `modelDeadCategoryCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=dead-category-count]

`model.failed_category_count`, `mdcc`, `modelFailedCategoryCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=failed-category-count]

`model.frequent_category_count`, `mfcc`, `modelFrequentCategoryCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=frequent-category-count]

`model.log_time`, `mlt`, `modelLogTime`:::
The timestamp when the model stats were gathered, according to server time.

`model.memory_limit`, `mml`, `modelMemoryLimit`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-memory-limit-anomaly-jobs]

`model.memory_status`, `mms`, `modelMemoryStatus`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-memory-status]

`model.over_fields`, `mof`, `modelOverFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=total-over-field-count]

`model.partition_fields`, `mpf`, `modelPartitionFields`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=total-partition-field-count]

`model.rare_category_count`, `mrcc`, `modelRareCategoryCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=rare-category-count]

`model.timestamp`, `mt`, `modelTimestamp`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=model-timestamp]
                                                           
`model.total_category_count`, `mtcc`, `modelTotalCategoryCount`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=total-category-count]
                            
`node.address`, `na`, `nodeAddress`:::
The network address of the node.
+
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=node-jobs]

`node.ephemeral_id`, `ne`, `nodeEphemeralId`:::
The ephemeral ID of the node.
+
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=node-jobs]

`node.id`, `ni`, `nodeId`:::
The unique identifier of the node.
+
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=node-jobs]

`node.name`, `nn`, `nodeName`:::
The node name.
+
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=node-jobs]

`opened_time`, `ot`:::
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=open-time]

`state`, `s`:::
(Default)
include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=state-anomaly-job] 

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=help]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=cat-s]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=time]

include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=cat-v]

[[cat-anomaly-detectors-example]]
==== {api-examples-title}

[source,console]
--------------------------------------------------
GET _cat/ml/anomaly_detectors?h=id,s,dpr,mb&v=true
--------------------------------------------------
// TEST[skip:kibana sample data]

[source,console-result]
----
id                        s dpr   mb
high_sum_total_sales closed 14022 1.5mb
low_request_rate     closed 1216  40.5kb
response_code_rates  closed 28146 132.7kb
url_scanning         closed 28146 501.6kb
----
// TESTRESPONSE[skip:kibana sample data]