Get anomaly detection job results for categories

Generally available; Added in 5.4.0

POST /_ml/anomaly_detectors/{job_id}/results/categories/{category_id}

All methods and paths for this operation:

GET /_ml/anomaly_detectors/{job_id}/results/categories
POST /_ml/anomaly_detectors/{job_id}/results/categories
GET /_ml/anomaly_detectors/{job_id}/results/categories/{category_id}
POST /_ml/anomaly_detectors/{job_id}/results/categories/{category_id}

Required authorization

  • Cluster privileges: monitor_ml

Path parameters

  • job_id string Required

    Identifier for the anomaly detection job.

  • category_id string

    Identifier for the category, which is unique in the job. If you specify neither the category ID nor the partition_field_value, the API returns information about all categories. If you specify only the partition_field_value, it returns information about all categories for the specified partition.

Query parameters

  • from number

    Skips the specified number of categories.

  • partition_field_value string

    Only return categories for the specified partition.

  • size number

    Specifies the maximum number of categories to obtain.

application/json

Body

  • page object

    Configures pagination. This parameter has the from and size properties.

    • from number

      Skips the specified number of items.

      Default value is 0.

    • size number

      Specifies the maximum number of items to obtain.

      Default value is 10000.

Responses

  • 200 application/json
    • categories array[object] Required
      • category_id number Required

        A unique identifier for the category. category_id is unique at the job level, even when per-partition categorization is enabled.

      • examples array[string] Required

        A list of examples of actual values that matched the category.

      • grok_pattern string

        [experimental] A Grok pattern that could be used in Logstash or an ingest pipeline to extract fields from messages that match the category. This field is experimental and may be changed or removed in a future release. The Grok patterns that are found are not optimal, but are often a good starting point for manual tweaking.

      • job_id string Required

        Identifier for the anomaly detection job.

      • max_matching_length number Required

        The maximum length of the fields that matched the category. The value is increased by 10% to enable matching for similar fields that have not been analyzed.

      • partition_field_name string

        If per-partition categorization is enabled, this property identifies the field used to segment the categorization. It is not present when per-partition categorization is disabled.

      • partition_field_value string

        If per-partition categorization is enabled, this property identifies the value of the partition_field_name for the category. It is not present when per-partition categorization is disabled.

      • regex string Required

        A regular expression that is used to search for values that match the category.

      • terms string Required

        A space-separated list of the common tokens that are matched in values of the category.

      • num_matches number

        The number of messages that have been matched by this category. This is only guaranteed to have the latest accurate count after a job _flush or _close.

      • preferred_to_categories array[string]

        A list of category_id entries that this current category encompasses. Any new message that is processed by the categorizer will match against this category and not any of the categories in this list. This is only guaranteed to have the latest accurate list of categories after a job _flush or _close.

      • p string
      • result_type string Required
      • mlcategory string Required
    • count number Required
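
Added example (not part of the Elasticsearch documentation or client code): one way to apply the regex, max_matching_length and preferred_to_categories fields described above to raw log lines, so that lines matching no known category stand out for review. The response, the log lines and the function names are constructed for illustration, and the code assumes the category regexes are compatible with Python's re module.

```python
import re

# Constructed sample shaped like the 200 response above; not real cluster output.
SAMPLE_RESPONSE = {
    "count": 2,
    "categories": [
        {"job_id": "esxi_log", "category_id": 1, "mlcategory": "1",
         "result_type": "category_definition", "terms": "Vpxa verbose opID",
         "regex": r".*?Vpxa.+?verbose.+?opID.*", "max_matching_length": 154,
         "examples": ["Vpxa: [49EC0B90 verbose 'hostagent' opID=WFU-1] done"],
         "preferred_to_categories": ["2"]},
        {"job_id": "esxi_log", "category_id": 2, "mlcategory": "2",
         "result_type": "category_definition", "terms": "Vpxa verbose",
         "regex": r".*?Vpxa.+?verbose.*", "max_matching_length": 120,
         "examples": ["Vpxa: [49EC0B90 verbose 'hostagent'] heartbeat"]},
    ],
}


def compile_categories(response):
    """Turn each category into a compiled matcher keyed by a string ID."""
    compiled = []
    for cat in response["categories"]:
        compiled.append({
            # category_id is a number, preferred_to_categories holds strings.
            "id": str(cat["category_id"]),
            # Assumption: the regex is simple enough for Python's re engine.
            "pattern": re.compile(cat["regex"], re.DOTALL),
            "max_len": cat["max_matching_length"],
            "shadows": {str(c) for c in cat.get("preferred_to_categories", [])},
        })
    return compiled


def classify(line, compiled):
    """Return the winning category ID for a log line, or None if nothing matches."""
    hits = [c for c in compiled
            if len(line) <= c["max_len"] and c["pattern"].fullmatch(line)]
    # A category listed in another hit's preferred_to_categories loses to it.
    shadowed = set().union(*(c["shadows"] for c in hits))
    winners = [c["id"] for c in hits if c["id"] not in shadowed]
    if winners:
        return winners[0]
    return hits[0]["id"] if hits else None


def uncategorized(lines, response):
    """Lines that match no known category: candidates for analyst review."""
    compiled = compile_categories(response)
    return [line for line in lines if classify(line, compiled) is None]
```
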
Request example

An example body for a `GET _ml/anomaly_detectors/esxi_log/results/categories` request.

Console

GET _ml/anomaly_detectors/esxi_log/results/categories
{
  "page":{
    "size": 1
  }
}

Python

resp = client.ml.get_categories(
    job_id="esxi_log",
    page={
        "size": 1
    },
)

JavaScript

const response = await client.ml.getCategories({
  job_id: "esxi_log",
  page: {
    size: 1,
  },
});

Ruby

response = client.ml.get_categories(
  job_id: "esxi_log",
  body: {
    "page": {
      "size": 1
    }
  }
)

PHP

$resp = $client->ml()->getCategories([
    "job_id" => "esxi_log",
    "body" => [
        "page" => [
            "size" => 1,
        ],
    ],
]);

curl

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"page":{"size":1}}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/esxi_log/results/categories"

Java

client.ml().getCategories(g -> g
    .jobId("esxi_log")
    .page(p -> p
        .size(1)
    )
);