Get anomaly detection job results for buckets

GET /_ml/anomaly_detectors/{job_id}/results/buckets/{timestamp}

The API presents a chronological view of the records, grouped by bucket.

Required authorization

  • Cluster privileges: monitor_ml

Parameters

Path Parameters

  • job_id (required; type TypesId = string): Identifier for the anomaly detection job.
  • timestamp (required; type TypesDateTime = TypesEpochTimeUnitMillis | string, with TypesEpochTimeUnitMillis = TypesUnitMillis): The timestamp of a single bucket result. If you do not specify this parameter, the API returns information about all buckets.

Query Parameters

  • anomaly_score (number): Returns buckets with anomaly scores greater than or equal to this value.
  • desc (boolean): If true, the buckets are sorted in descending order.
  • end (type TypesDateTime = TypesEpochTimeUnitMillis | string, with TypesEpochTimeUnitMillis = TypesUnitMillis): Returns buckets with timestamps earlier than this time. -1 means it is unset and results are not limited to specific timestamps.
  • exclude_interim (boolean): If true, the output excludes interim results.
  • expand (boolean): If true, the output includes anomaly records.
  • from (number): Skips the specified number of buckets.
  • size (number): Specifies the maximum number of buckets to obtain.
  • sort (type TypesField = string): Specifies the sort field for the requested buckets.
  • start (type TypesDateTime = TypesEpochTimeUnitMillis | string, with TypesEpochTimeUnitMillis = TypesUnitMillis): Returns buckets with timestamps after this time. -1 means it is unset and results are not limited to specific timestamps.

Request Body

application/json

{
  anomaly_score?: number;
  desc?: boolean;
  end?: TypesDateTime;
  exclude_interim?: boolean;
  expand?: boolean;
  page?: MlTypesPage;
  sort?: TypesField;
  start?: TypesDateTime;
}

interface MlTypesPage {
  from?: number;
  size?: number;
}

type TypesDateTime = TypesEpochTimeUnitMillis | string

A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

type TypesField = string

Path to field or array of paths. Some APIs support wildcards in the path to select multiple fields.

Responses

200 application/json

{
  buckets: MlTypesBucketSummary[];
  count: number;
}

interface MlTypesBucketSummary {
  anomaly_score: number;
  bucket_influencers: MlTypesBucketInfluencer[];
  bucket_span: TypesDurationValueUnitSeconds;
  event_count: number;
  initial_anomaly_score: number;
  is_interim: boolean;
  job_id: TypesId;
  processing_time_ms: TypesDurationValueUnitMillis;
  result_type: string;
  timestamp: TypesEpochTimeUnitMillis;
  timestamp_string?: TypesDateTime;
}
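
An added example (not from the Elasticsearch documentation) that builds the request for this endpoint, with from/size nested under page in the body, and triages a response by dropping interim buckets and ranking the rest by anomaly_score. The function names, the auth-failures job ID and the sample response are constructed for illustration; sending the request is left to whatever HTTP client and monitor_ml credential you use.

```python
from datetime import datetime, timezone
from urllib.parse import quote

def build_buckets_request(job_id, timestamp=None, page_from=None, page_size=None, **filters):
    """Return (method, path, body) for the get-buckets endpoint documented above."""
    allowed = {"anomaly_score", "desc", "end", "exclude_interim", "expand", "sort", "start"}
    unknown = set(filters) - allowed
    if unknown:
        raise ValueError(f"unsupported body fields: {sorted(unknown)}")
    path = f"/_ml/anomaly_detectors/{quote(job_id, safe='')}/results/buckets"
    if timestamp is not None:  # single-bucket form of the path
        path += f"/{quote(str(timestamp), safe='')}"
    body = {k: v for k, v in filters.items() if v is not None}
    # In the request body, from/size are nested under "page" (MlTypesPage).
    page = {k: v for k, v in (("from", page_from), ("size", page_size)) if v is not None}
    if page:
        body["page"] = page
    return "GET", path, body

def triage(response, min_score):
    """Finalized buckets scoring >= min_score, highest first, as (UTC time, score, events)."""
    hits = [b for b in response["buckets"]
            if not b["is_interim"] and b["anomaly_score"] >= min_score]
    hits.sort(key=lambda b: b["anomaly_score"], reverse=True)
    return [(datetime.fromtimestamp(b["timestamp"] / 1000, tz=timezone.utc).isoformat(),
             b["anomaly_score"], b["event_count"]) for b in hits]

def _bucket(ts_ms, score, events, interim=False):
    # Constructed sample bucket with the MlTypesBucketSummary fields; values are made up.
    return {"job_id": "auth-failures", "result_type": "bucket", "timestamp": ts_ms,
            "bucket_span": 3600, "anomaly_score": score, "initial_anomaly_score": score,
            "event_count": events, "is_interim": interim, "processing_time_ms": 3,
            "bucket_influencers": []}

# Constructed response body, not output captured from a real cluster.
SAMPLE = {"count": 4, "buckets": [
    _bucket(1699999200000, 12.4, 380),
    _bucket(1700002800000, 91.7, 4210),
    _bucket(1700006400000, 78.2, 2950),
    _bucket(1700010000000, 88.0, 1500, interim=True),
]}

if __name__ == "__main__":
    print(build_buckets_request("auth-failures", anomaly_score=75,
                                exclude_interim=True, page_size=50))
    for row in triage(SAMPLE, 75):
        print(row)
```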