lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
							[role="xpack"]
[testenv="platinum"]
[[ml-get-record]]
=== Get records API
++++
<titleabbrev>Get records</titleabbrev>
++++

Retrieves anomaly records for a job.


==== Request

`GET _ml/anomaly_detectors/<job_id>/results/records`

//===== Description

==== Path Parameters

`job_id`::
  (string) Identifier for the job.


==== Request Body

`desc`::
  (boolean) If true, the results are sorted in descending order.

`end`::
  (string) Returns records with timestamps earlier than this time.

`exclude_interim`::
  (boolean) If true, the output excludes interim results.
  By default, interim results are included.

`page`::
`from`:::
  (integer) Skips the specified number of records.
`size`:::
  (integer) Specifies the maximum number of records to obtain.

`record_score`::
  (double) Returns records with anomaly scores greater or equal than this value.

`sort`::
  (string) Specifies the sort field for the requested records.
  By default, the records are sorted by the `anomaly_score` value.

`start`::
  (string) Returns records with timestamps after this time.


==== Results

The API returns the following information:

`records`::
  (array) An array of record objects. For more information, see
  <<ml-results-records,Records>>.


==== Authorization

You must have `monitor_ml`, `monitor`, `manage_ml`, or `manage` cluster
privileges to use this API. You also need `read` index privilege on the index
that stores the results. The `machine_learning_admin` and `machine_learning_user`
roles provide these privileges. For more information, see
{xpack-ref}/security-privileges.html[Security Privileges] and
{xpack-ref}/built-in-roles.html[Built-in Roles].
//<<security-privileges>> and <<built-in-roles>>.


==== Examples

The following example gets record information for the `it-ops-kpi` job:

[source,js]
--------------------------------------------------
GET _ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]

In this example, the API returns twelve results for the specified
time constraints:
[source,js]
----
{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [
        1806.48
      ],
      "actual": [
        288
      ],
      "field_name": "events_per_min"
    },
  ...
  ]
}
----