Accueil Explorer Aide
S'inscrire Connexion
lqb
/
elasticsearch
miroir de https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: 4e4990c6a0
Branches Tags
elasticsearch
/
docs
/
reference
/
ml
/
anomaly-detection
/
apis
/
datafeedresource.asciidoc

datafeedresource.asciidoc 6.0 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. [role="xpack"]
    2. 

  2. [testenv="platinum"]
    3. 

  3. [[ml-datafeed-resource]]
    4. 

  4. === {dfeed-cap} resources
    5. 

  5. 

  6. A {dfeed} resource has the following properties:
    7. 

  7. 

  8. `aggregations`::
    9. 

  9.   (object) If set, the {dfeed} performs aggregation searches.
    10. 

  10.   Support for aggregations is limited and should only be used with
    11. 

  11.   low cardinality data. For more information, see
    12. 

  12.   {stack-ov}/ml-configuring-aggregation.html[Aggregating Data for Faster Performance].
    13. 

  13. 

  14. `chunking_config`::
    15. 

  15.   (object) Specifies how data searches are split into time chunks.
    16. 

  16.   See <<ml-datafeed-chunking-config>>.
    17. 

  17.   For example: `{"mode": "manual", "time_span": "3h"}`
    18. 

  18. 

  19. `datafeed_id`::
    20. 

  20.  (string) A numerical character string that uniquely identifies the {dfeed}.
    21. 

  21.  This property is informational; you cannot change the identifier for existing
    22. 

  22.  {dfeeds}.
    23. 

  23. 

  24. `frequency`::
    25. 

  25.   (time units) The interval at which scheduled queries are made while the
    26. 

  26.   {dfeed} runs in real time. The default value is either the bucket span for short
    27. 

  27.   bucket spans, or, for longer bucket spans, a sensible fraction of the bucket
    28. 

  28.   span. For example: `150s`.
    29. 

  29. 

  30. `indices`::
    31. 

  31.   (array) An array of index names. For example: `["it_ops_metrics"]`
    32. 

  32. 

  33. `job_id`::
    34. 

  34.  (string) The unique identifier for the job to which the {dfeed} sends data.
    35. 

  35. 

  36. `query`::
    37. 

  37.   (object) The {es} query domain-specific language (DSL). This value
    38. 

  38.   corresponds to the query object in an {es} search POST body. All the
    39. 

  39.   options that are supported by {es} can be used, as this object is
    40. 

  40.   passed verbatim to {es}. By default, this property has the following
    41. 

  41.   value: `{"match_all": {"boost": 1}}`.
    42. 

  42. 

  43. `query_delay`::
    44. 

  44.   (time units) The number of seconds behind real time that data is queried. For
    45. 

  45.   example, if data from 10:04 a.m. might not be searchable in {es} until
    46. 

  46.   10:06 a.m., set this property to 120 seconds. The default value is randomly
    47. 

  47.   selected between `60s` and `120s`. This randomness improves the query
    48. 

  48.   performance when there are multiple jobs running on the same node.
    49. 

  49. 

  50. `script_fields`::
    51. 

  51.   (object) Specifies scripts that evaluate custom expressions and returns
    52. 

  52.   script fields to the {dfeed}.
    53. 

  53.   The <<ml-detectorconfig,detector configuration objects>> in a job can contain
    54. 

  54.   functions that use these script fields.
    55. 

  55.   For more information, see
    56. 

  56.   {stack-ov}/ml-configuring-transform.html[Transforming Data With Script Fields].
    57. 

  57. 

  58. `scroll_size`::
    59. 

  59.   (unsigned integer) The `size` parameter that is used in {es} searches.
    60. 

  60.   The default value is `1000`.
    61. 

  61. 

  62. `delayed_data_check_config`::
    63. 

  63.   (object) Specifies whether the data feed checks for missing data and 
    64. 

  64.   the size of the window. For example:
    65. 

  65.   `{"enabled": true, "check_window": "1h"}` See
    66. 

  66.   <<ml-datafeed-delayed-data-check-config>>.
    67. 

  67. 

  68. [[ml-datafeed-chunking-config]]
    69. 

  69. ==== Chunking configuration objects
    70. 

  70. 

  71. {dfeeds-cap} might be required to search over long time periods, for several months
    72. 

  72. or years. This search is split into time chunks in order to ensure the load
    73. 

  73. on {es} is managed. Chunking configuration controls how the size of these time
    74. 

  74. chunks are calculated and is an advanced configuration option.
    75. 

  75. 

  76. A chunking configuration object has the following properties:
    77. 

  77. 

  78. `mode`::
    79. 

  79.   There are three available modes: +
    80. 

  80.   `auto`::: The chunk size will be dynamically calculated. This is the default
    81. 

  81.   and recommended value.
    82. 

  82.   `manual`::: Chunking will be applied according to the specified `time_span`.
    83. 

  83.   `off`::: No chunking will be applied.
    84. 

  84. 

  85. `time_span`::
    86. 

  86.   (time units) The time span that each search will be querying.
    87. 

  87.   This setting is only applicable when the mode is set to `manual`.
    88. 

  88.   For example: `3h`.
    89. 

  89. 

  90. [[ml-datafeed-delayed-data-check-config]]
    91. 

  91. ==== Delayed data check configuration objects
    92. 

  92. 

  93. The {dfeed} can optionally search over indices that have already been read in
    94. 

  94. an effort to determine whether any data has subsequently been added to the index.
    95. 

  95. If missing data is found, it is a good indication that the `query_delay` option
    96. 

  96. is set too low and the data is being indexed after the {dfeed} has passed that
    97. 

  97. moment in time. See 
    98. 

  98. {stack-ov}/ml-delayed-data-detection.html[Working with delayed data].
    99. 

  99. 

  100. This check runs only on real-time {dfeeds}.
    101. 

  101. 

  102. The configuration object has the following properties:
    103. 

  103. 

  104. `enabled`::
    105. 

  105.   (boolean) Specifies whether the {dfeed} periodically checks for delayed data.
    106. 

  106.   Defaults to `true`.
    107. 

  107. 

  108. `check_window`::
    109. 

  109.   (time units) The window of time that is searched for late data. This window of
    110. 

  110.   time ends with the latest finalized bucket. It defaults to `null`, which
    111. 

  111.   causes an appropriate `check_window` to be calculated when the real-time
    112. 

  112.   {dfeed} runs. In particular, the default `check_window` span calculation is
    113. 

  113.   based on the maximum of `2h` or `8 * bucket_span`.
    114. 

  114. 

  115. [float]
    116. 

  116. [[ml-datafeed-counts]]
    117. 

  117. ==== {dfeed-cap} counts
    118. 

  118. 

  119. The get {dfeed} statistics API provides information about the operational
    120. 

  120. progress of a {dfeed}. All of these properties are informational; you cannot
    121. 

  121. update their values:
    122. 

  122. 

  123. `assignment_explanation`::
    124. 

  124.   (string) For started {dfeeds} only, contains messages relating to the
    125. 

  125.   selection of a node.
    126. 

  126. 

  127. `datafeed_id`::
    128. 

  128.  (string) A numerical character string that uniquely identifies the {dfeed}.
    129. 

  129. 

  130. `node`::
    131. 

  131.   (object) The node upon which the {dfeed} is started. The {dfeed} and job will
    132. 

  132.   be on the same node.
    133. 

  133.   `id`::: The unique identifier of the node. For example,
    134. 

  134.   "0-o0tOoRTwKFZifatTWKNw".
    135. 

  135.   `name`::: The node name. For example, `0-o0tOo`.
    136. 

  136.   `ephemeral_id`::: The node ephemeral ID.
    137. 

  137.   `transport_address`::: The host and port where transport HTTP connections are
    138. 

  138.   accepted. For example, `127.0.0.1:9300`.
    139. 

  139.   `attributes`::: For example, `{"ml.machine_memory": "17179869184"}`.
    140. 

  140. 

  141. `state`::
    142. 

  142.   (string) The status of the {dfeed}, which can be one of the following values: +
    143. 

  143.   `started`::: The {dfeed} is actively receiving data.
    144. 

  144.   `stopped`::: The {dfeed} is stopped and will not receive data until it is
    145. 

  145.   re-started.
    146. 

  146. 

  147. `timing_stats`::
    148. 

  148.   (object) An object that provides statistical information about timing aspect of this datafeed. +
    149. 

  149.   `job_id`::: A numerical character string that uniquely identifies the job.
    150. 

  150.   `search_count`::: Number of searches performed by this datafeed.
    151. 

  151.   `total_search_time_ms`::: Total time the datafeed spent searching in milliseconds.
    152. 

  152.