首頁 探索 說明
註冊 登入
lqb
/
elasticsearch
镜像来自 https://gitee.com/mirrors/elasticsearch.git
1
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: 823c337e76
分支列表 標籤列表
elasticsearch
/
docs
/
reference
/
ml
/
anomaly-detection
/
apis
/
get-overall-buckets.asciidoc

get-overall-buckets.asciidoc 6.0 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 
  1. [role="xpack"]
    2. 

  2. [testenv="platinum"]
    3. 

  3. [[ml-get-overall-buckets]]
    4. 

  4. = Get overall buckets API
    5. 

  5. ++++
    6. 

  6. <titleabbrev>Get overall buckets</titleabbrev>
    7. 

  7. ++++
    8. 

  8. 

  9. Retrieves overall bucket results that summarize the bucket results of multiple
    10. 

  10. {anomaly-jobs}.
    11. 

  11. 

  12. [[ml-get-overall-buckets-request]]
    13. 

  13. == {api-request-title}
    14. 

  14. 

  15. `GET _ml/anomaly_detectors/<job_id>/results/overall_buckets` +
    16. 

  16. 

  17. `GET _ml/anomaly_detectors/<job_id>,<job_id>/results/overall_buckets` +
    18. 

  18. 

  19. `GET _ml/anomaly_detectors/_all/results/overall_buckets`
    20. 

  20. 

  21. [[ml-get-overall-buckets-prereqs]]
    22. 

  22. == {api-prereq-title}
    23. 

  23. 

  24. * If the {es} {security-features} are enabled, you must have `monitor_ml`,
    25. 

  25. `monitor`, `manage_ml`, or `manage` cluster privileges to use this API. You also
    26. 

  26. need `read` index privilege on the index that stores the results. The
    27. 

  27. `machine_learning_admin` and `machine_learning_user` roles provide these
    28. 

  28. privileges. See <<security-privileges>> and <<built-in-roles>>.
    29. 

  29. 

  30. [[ml-get-overall-buckets-desc]]
    31. 

  31. == {api-description-title}
    32. 

  32. 

  33. You can summarize the bucket results for all {anomaly-jobs} by using `_all` or
    34. 

  34. by specifying `*` as the `<job_id>`.
    35. 

  35. 

  36. By default, an overall bucket has a span equal to the largest bucket span of the
    37. 

  37. specified {anomaly-jobs}. To override that behavior, use the optional
    38. 

  38. `bucket_span` parameter. To learn more about the concept of buckets, see
    39. 

  39. {ml-docs}/ml-buckets.html[Buckets].
    40. 

  40. 

  41. The `overall_score` is calculated by combining the scores of all the buckets
    42. 

  42. within the overall bucket span. First, the maximum `anomaly_score` per
    43. 

  43. {anomaly-job} in the overall bucket is calculated. Then the `top_n` of those
    44. 

  44. scores are averaged to result in the `overall_score`. This means that you can
    45. 

  45. fine-tune the `overall_score` so that it is more or less sensitive to the number
    46. 

  46. of jobs that detect an anomaly at the same time. For example, if you set `top_n`
    47. 

  47. to `1`, the `overall_score` is the maximum bucket score in the overall bucket.
    48. 

  48. Alternatively, if you set `top_n` to the number of jobs, the `overall_score` is
    49. 

  49. high only when all jobs detect anomalies in that overall bucket.  If you set
    50. 

  50. the `bucket_span` parameter (to a value greater than its default), the
    51. 

  51. `overall_score` is the maximum `overall_score` of the overall buckets that have
    52. 

  52. a span equal to the jobs' largest bucket span.
    53. 

  53. 

  54. [[ml-get-overall-buckets-path-parms]]
    55. 

  55. == {api-path-parms-title}
    56. 

  56. 

  57. `<job_id>`::
    58. 

  58. (Required, string)
    59. 

  59. include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection-wildcard-list]
    60. 

  60. 

  61. [[ml-get-overall-buckets-request-body]]
    62. 

  62. == {api-request-body-title}
    63. 

  63. 

  64. `allow_no_jobs`::
    65. 

  65. (Optional, boolean)
    66. 

  66. include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=allow-no-jobs]
    67. 

  67. 

  68. `bucket_span`::
    69. 

  69. (Optional, string) The span of the overall buckets. Must be greater or equal to
    70. 

  70. the largest bucket span of the specified {anomaly-jobs}, which is the default
    71. 

  71. value.
    72. 

  72. 

  73. `end`::
    74. 

  74. (Optional, string) Returns overall buckets with timestamps earlier than this
    75. 

  75. time.
    76. 

  76. 

  77. `exclude_interim`::
    78. 

  78. (Optional, boolean) If `true`, the output excludes interim overall buckets.
    79. 

  79. Overall buckets are interim if any of the job buckets within the overall bucket
    80. 

  80. interval are interim. By default, interim results are included.
    81. 

  81. 

  82. `overall_score`::
    83. 

  83. (Optional, double) Returns overall buckets with overall scores greater or equal
    84. 

  84. than this value.
    85. 

  85. 

  86. `start`::
    87. 

  87. (Optional, string) Returns overall buckets with timestamps after this time.
    88. 

  88. 

  89. `top_n`::
    90. 

  90. (Optional, integer) The number of top {anomaly-job} bucket scores to be used in
    91. 

  91. the `overall_score` calculation. The default value is `1`.
    92. 

  92. 

  93. [[ml-get-overall-buckets-results]]
    94. 

  94. == {api-response-body-title}
    95. 

  95. 

  96. The API returns an array of overall bucket objects, which have the following
    97. 

  97. properties:
    98. 

  98. 

  99. `bucket_span`::
    100. 

  100. (number) The length of the bucket in seconds. Matches the `bucket_span`
    101. 

  101. of the job with the longest one.
    102. 

  102. 

  103. `is_interim`::
    104. 

  104. (boolean)
    105. 

  105. include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=is-interim]
    106. 

  106. 

  107. `jobs`::
    108. 

  108. (array) An array of objects that contain the `max_anomaly_score` per `job_id`.
    109. 

  109. 

  110. `overall_score`::
    111. 

  111. (number) The `top_n` average of the max bucket `anomaly_score` per job.
    112. 

  112. 

  113. `result_type`::
    114. 

  114. (string) Internal. This is always set to `overall_bucket`.
    115. 

  115. 

  116. `timestamp`::
    117. 

  117. (date)
    118. 

  118. include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=timestamp-results]
    119. 

  119. 

  120. [[ml-get-overall-buckets-example]]
    121. 

  121. == {api-examples-title}
    122. 

  122. 

  123. [source,console]
    124. 

  124. --------------------------------------------------
    125. 

  125. GET _ml/anomaly_detectors/job-*/results/overall_buckets
    126. 

  126. {
    127. 

  127.   "overall_score": 80,
    128. 

  128.   "start": "1403532000000"
    129. 

  129. }
    130. 

  130. --------------------------------------------------
    131. 

  131. // TEST[skip:todo]
    132. 

  132. 

  133. In this example, the API returns a single result that matches the specified
    134. 

  134. score and time constraints. The `overall_score` is the max job score as
    135. 

  135. `top_n` defaults to 1 when not specified:
    136. 

  136. [source,js]
    137. 

  137. ----
    138. 

  138. {
    139. 

  139.   "count": 1,
    140. 

  140.   "overall_buckets": [
    141. 

  141.     {
    142. 

  142.       "timestamp" : 1403532000000,
    143. 

  143.       "bucket_span" : 3600,
    144. 

  144.       "overall_score" : 80.0,
    145. 

  145.       "jobs" : [
    146. 

  146.         {
    147. 

  147.           "job_id" : "job-1",
    148. 

  148.           "max_anomaly_score" : 30.0
    149. 

  149.         },
    150. 

  150.         {
    151. 

  151.           "job_id" : "job-2",
    152. 

  152.           "max_anomaly_score" : 10.0
    153. 

  153.         },
    154. 

  154.         {
    155. 

  155.           "job_id" : "job-3",
    156. 

  156.           "max_anomaly_score" : 80.0
    157. 

  157.         }
    158. 

  158.       ],
    159. 

  159.       "is_interim" : false,
    160. 

  160.       "result_type" : "overall_bucket"
    161. 

  161.     }
    162. 

  162.   ]
    163. 

  163. }
    164. 

  164. ----
    165. 

  165. 

  166. The next example is similar but this time `top_n` is set to `2`:
    167. 

  167. 

  168. [source,console]
    169. 

  169. --------------------------------------------------
    170. 

  170. GET _ml/anomaly_detectors/job-*/results/overall_buckets
    171. 

  171. {
    172. 

  172.   "top_n": 2,
    173. 

  173.   "overall_score": 50.0,
    174. 

  174.   "start": "1403532000000"
    175. 

  175. }
    176. 

  176. --------------------------------------------------
    177. 

  177. // TEST[skip:todo]
    178. 

  178. 

  179. Note how the `overall_score` is now the average of the top 2 job scores:
    180. 

  180. [source,js]
    181. 

  181. ----
    182. 

  182. {
    183. 

  183.   "count": 1,
    184. 

  184.   "overall_buckets": [
    185. 

  185.     {
    186. 

  186.       "timestamp" : 1403532000000,
    187. 

  187.       "bucket_span" : 3600,
    188. 

  188.       "overall_score" : 55.0,
    189. 

  189.       "jobs" : [
    190. 

  190.         {
    191. 

  191.           "job_id" : "job-1",
    192. 

  192.           "max_anomaly_score" : 30.0
    193. 

  193.         },
    194. 

  194.         {
    195. 

  195.           "job_id" : "job-2",
    196. 

  196.           "max_anomaly_score" : 10.0
    197. 

  197.         },
    198. 

  198.         {
    199. 

  199.           "job_id" : "job-3",
    200. 

  200.           "max_anomaly_score" : 80.0
    201. 

  201.         }
    202. 

  202.       ],
    203. 

  203.       "is_interim" : false,
    204. 

  204.       "result_type" : "overall_bucket"
    205. 

  205.     }
    206. 

  206.   ]
    207. 

  207. }
    208. 

  208. ----
    209.