lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329
							[role="xpack"]
[testenv="platinum"]
[[ml-put-job]]
=== Create {anomaly-jobs} API
++++
<titleabbrev>Create jobs</titleabbrev>
++++

Instantiates an {anomaly-job}.

[[ml-put-job-request]]
==== {api-request-title}

`PUT _ml/anomaly_detectors/<job_id>`

[[ml-put-job-prereqs]]
==== {api-prereq-title}

* If the {es} {security-features} are enabled, you must have `manage_ml` or
`manage` cluster privileges to use this API. See
<<security-privileges>>.

[[ml-put-job-desc]]
==== {api-description-title}

IMPORTANT: You must use {kib} or this API to create an {anomaly-job}. Do not put
a job directly to the `.ml-config` index using the {es} index API. If {es}
{security-features} are enabled, do not give users `write` privileges on the
`.ml-config` index.

[[ml-put-job-path-parms]]
==== {api-path-parms-title}

`<job_id>`::
(Required, string)
include::{docdir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection-define]

[role="child_attributes"]
[[ml-put-job-request-body]]
==== {api-request-body-title}

`allow_lazy_open`::
(Optional, boolean)
include::{docdir}/ml/ml-shared.asciidoc[tag=allow-lazy-open]

//Begin analysis_config
[[put-analysisconfig]]`analysis_config`::
(Required, object)
include::{docdir}/ml/ml-shared.asciidoc[tag=analysis-config]
+
.Properties of `analysis_config`
[%collapsible%open]
====
`bucket_span`:::
(<<time-units,time units>>)
include::{docdir}/ml/ml-shared.asciidoc[tag=bucket-span]

`categorization_analyzer`:::
(object or string)
include::{docdir}/ml/ml-shared.asciidoc[tag=categorization-analyzer]

`categorization_field_name`:::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=categorization-field-name]

`categorization_filters`:::
(array of strings)
include::{docdir}/ml/ml-shared.asciidoc[tag=categorization-filters]

//Begin analysis_config.detectors
`detectors`:::
(array) An array of detector configuration objects. Detector configuration
objects specify which data fields a job analyzes. They also specify which
analytical functions are used. You can specify multiple detectors for a job. 
+
NOTE: If the `detectors` array does not contain at least one detector,
no analysis can occur and an error is returned.
+
.Properties of `detectors`
[%collapsible%open]
=====
`by_field_name`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=by-field-name]

//Begin analysis_config.detectors.custom_rules
[[put-customrules]]`custom_rules`::::
(array)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules]
+
.Properties of `custom_rules`
[%collapsible%open]
======

`actions`:::
(array)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-actions]

//Begin analysis_config.detectors.custom_rules.conditions
`conditions`:::
(array)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions]
+
.Properties of `conditions`
[%collapsible%open]
=======
`applies_to`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-applies-to]

`operator`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-operator]

`value`::::
(double)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-conditions-value]
=======
//End analysis_config.detectors.custom_rules.conditions

//Begin analysis_config.detectors.custom_rules.scope
`scope`:::
(object)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-scope]
+
.Properties of `scope`
[%collapsible%open]
=======
`filter_id`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-scope-filter-id]

`filter_type`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-rules-scope-filter-type]
=======
//End analysis_config.detectors.custom_rules.scope
======
//End analysis_config.detectors.custom_rules

`detector_description`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=detector-description]

`detector_index`::::
(integer)
include::{docdir}/ml/ml-shared.asciidoc[tag=detector-index]
+
If you specify a value for this property, it is ignored.

`exclude_frequent`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=exclude-frequent]

`field_name`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=detector-field-name]

`function`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=function]

`over_field_name`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=over-field-name]

`partition_field_name`::::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=partition-field-name]

`use_null`::::
(boolean)
include::{docdir}/ml/ml-shared.asciidoc[tag=use-null]
=====
//End analysis_config.detectors

`influencers`:::
(array of strings)
include::{docdir}/ml/ml-shared.asciidoc[tag=influencers]

`latency`:::
(time units)
include::{docdir}/ml/ml-shared.asciidoc[tag=latency]

`multivariate_by_fields`:::
(boolean)
include::{docdir}/ml/ml-shared.asciidoc[tag=multivariate-by-fields]

`summary_count_field_name`:::
(string)
include::{docdir}/ml/ml-shared.asciidoc[tag=summary-count-field-name]
====
//End analysis_config

//Begin analysis_limits
[[put-analysislimits]]`analysis_limits`::
(Optional, object)
include::{docdir}/ml/ml-shared.asciidoc[tag=analysis-limits]
+
.Properties of `analysis_limits`
[%collapsible%open]
====
`categorization_examples_limit`:::
(long)
include::{docdir}/ml/ml-shared.asciidoc[tag=categorization-examples-limit]

`model_memory_limit`:::
(long or string) 
include::{docdir}/ml/ml-shared.asciidoc[tag=model-memory-limit]
====
//End analysis_limits

`background_persist_interval`::
(Optional, <<time-units, time units>>)
include::{docdir}/ml/ml-shared.asciidoc[tag=background-persist-interval]

[[put-customsettings]]`custom_settings`::
(Optional, object)
include::{docdir}/ml/ml-shared.asciidoc[tag=custom-settings]

//Begin data_description
[[put-datadescription]]`data_description`::
(Required, object)
include::{docdir}/ml/ml-shared.asciidoc[tag=data-description]
//End data_description

`description`::
  (Optional, string) A description of the job.

`groups`::
(Optional, array of strings)
include::{docdir}/ml/ml-shared.asciidoc[tag=groups]

//Begin model_plot_config
`model_plot_config`::
(Optional, object)
include::{docdir}/ml/ml-shared.asciidoc[tag=model-plot-config]
+
.Properties of `model_plot_config`
[%collapsible%open]
====
`enabled`:::
(boolean)
include::{docdir}/ml/ml-shared.asciidoc[tag=model-plot-config-enabled]

`terms`:::
experimental[] (string)
include::{docdir}/ml/ml-shared.asciidoc[tag=model-plot-config-terms]
====
//End model_plot_config

`model_snapshot_retention_days`::
(Optional, long)
include::{docdir}/ml/ml-shared.asciidoc[tag=model-snapshot-retention-days]

`renormalization_window_days`::
(Optional, long)
include::{docdir}/ml/ml-shared.asciidoc[tag=renormalization-window-days]

`results_index_name`::
(Optional, string)
include::{docdir}/ml/ml-shared.asciidoc[tag=results-index-name]

`results_retention_days`::
(Optional, long)
include::{docdir}/ml/ml-shared.asciidoc[tag=results-retention-days]

[[ml-put-job-example]]
==== {api-examples-title}

[source,console]
--------------------------------------------------
PUT _ml/anomaly_detectors/total-requests
{
  "description" : "Total sum of requests",
  "analysis_config" : {
    "bucket_span":"10m",
    "detectors": [
      {
        "detector_description": "Sum of total",
        "function": "sum",
        "field_name": "total"
      }
    ]
  },
  "data_description" : {
    "time_field":"timestamp",
    "time_format": "epoch_ms"
  }
}
--------------------------------------------------

When the job is created, you receive the following results:

[source,console-result]
----
{
  "job_id" : "total-requests",
  "job_type" : "anomaly_detector",
  "job_version" : "8.0.0",
  "description" : "Total sum of requests",
  "create_time" : 1562352500629,
  "analysis_config" : {
    "bucket_span" : "10m",
    "detectors" : [
      {
        "detector_description" : "Sum of total",
        "function" : "sum",
        "field_name" : "total",
        "detector_index" : 0
      }
    ],
    "influencers" : [ ]
  },
  "analysis_limits" : {
    "model_memory_limit" : "1024mb",
    "categorization_examples_limit" : 4
  },
  "data_description" : {
    "time_field" : "timestamp",
    "time_format" : "epoch_ms"
  },
  "model_snapshot_retention_days" : 1,
  "results_index_name" : "shared",
  "allow_lazy_open" : false
}
----
// TESTRESPONSE[s/"job_version" : "8.0.0"/"job_version" : $body.job_version/]
// TESTRESPONSE[s/1562352500629/$body.$_path/]