IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get filters API Open anomaly detection jobs API »
Elastic Docs Elasticsearch Guide [7.2] X-Pack APIs Machine learning APIs

Get records API

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Get records API

edit

Retrieves anomaly records for an anomaly detection job.

Request

edit

GET _ml/anomaly_detectors/<job_id>/results/records

Prerequisites

edit
  • You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security privileges and Built-in roles.

Path parameters

edit
<job_id>
(Required, string) Identifier for the anomaly detection job.

Request body

edit
desc
(boolean) If true, the results are sorted in descending order.
end
(string) Returns records with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
page
from
(integer) Skips the specified number of records.
size
(integer) Specifies the maximum number of records to obtain.
record_score
(double) Returns records with anomaly scores greater or equal than this value.
sort
(string) Specifies the sort field for the requested records. By default, the records are sorted by the anomaly_score value.
start
(string) Returns records with timestamps after this time.

Response body

edit

The API returns the following information:

records
(array) An array of record objects. For more information, see Records.

Examples

edit

The following example gets record information for the it-ops-kpi job:

GET _ml/anomaly_detectors/it-ops-kpi/results/records
{
  "sort": "record_score",
  "desc": true,
  "start": "1454944100000"
}

In this example, the API returns twelve results for the specified time constraints:

{
  "count": 12,
  "records": [
    {
      "job_id": "it-ops-kpi",
      "result_type": "record",
      "probability": 0.00000332668,
      "record_score": 72.9929,
      "initial_record_score": 65.7923,
      "bucket_span": 300,
      "detector_index": 0,
      "is_interim": false,
      "timestamp": 1454944200000,
      "function": "low_sum",
      "function_description": "sum",
      "typical": [
        1806.48
      ],
      "actual": [
        288
      ],
      "field_name": "events_per_min"
    },
  ...
  ]
}
« Get filters API Open anomaly detection jobs API »