Path parameters

  • job_id string Required

    Identifier for the anomaly detection job.

  • timestamp string | number Required

    The timestamp of a single bucket result. If you do not specify this parameter, the API returns information about all buckets.

Query parameters

  • anomaly_score number

    Returns buckets with anomaly scores greater than or equal to this value.

  • desc boolean

    If true, the buckets are sorted in descending order.

  • end string | number

    Returns buckets with timestamps earlier than this time. -1 means it is unset and results are not limited to specific timestamps.

  • exclude_interim boolean

    If true, the output excludes interim results.

  • expand boolean

    If true, the output includes anomaly records.

  • from number

    Skips the specified number of buckets.

  • size number

    Specifies the maximum number of buckets to obtain.

  • sort string

    Specifies the sort field for the requested buckets.

  • start string | number

    Returns buckets with timestamps after this time. -1 means it is unset and results are not limited to specific timestamps.

application/json

Body

  • anomaly_score number

    Refer to the description for the anomaly_score query parameter.

  • desc boolean

    Refer to the description for the desc query parameter.

  • end string | number

    A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

    One of:

    Time unit for milliseconds

  • exclude_interim boolean

    Refer to the description for the exclude_interim query parameter.

  • expand boolean

    Refer to the description for the expand query parameter.

  • page object
    • from number

      Skips the specified number of items.

    • size number

      Specifies the maximum number of items to obtain.

  • sort string

    Path to field or array of paths. Some APIs support wildcards in the path to select multiple fields.

  • start string | number

    A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

    One of:

    Time unit for milliseconds

Responses

  • 200 application/json
    • buckets array[object] Required
      • anomaly_score number Required

        The maximum anomaly score, between 0-100, for any of the bucket influencers. This is an overall, rate-limited score for the job. All the anomaly records in the bucket contribute to this score. This value might be updated as new data is analyzed.

      • bucket_influencers array[object] Required
        • anomaly_score number Required

          A normalized score between 0-100, which is calculated for each bucket influencer. This score might be updated as newer data is analyzed.

        • Time unit for seconds

        • influencer_field_name string Required

          Path to field or array of paths. Some APIs support wildcards in the path to select multiple fields.

        • initial_anomaly_score number Required

          The score between 0-100 for each bucket influencer. This score is the initial value that was calculated at the time the bucket was processed.

        • is_interim boolean Required

          If true, this is an interim result. In other words, the results are calculated based on partial input data.

        • job_id string Required
        • probability number Required

          The probability that the bucket has this behavior, in the range 0 to 1. This value can be held to a high precision of over 300 decimal places, so the anomaly_score is provided as a human-readable and friendly interpretation of this.

        • raw_anomaly_score number Required

          Internal.

        • result_type string Required

          Internal. This value is always set to bucket_influencer.

        • timestamp number

          Time unit for milliseconds

      • Time unit for seconds

      • event_count number Required

        The number of input data records processed in this bucket.

      • initial_anomaly_score number Required

        The maximum anomaly score for any of the bucket influencers. This is the initial value that was calculated at the time the bucket was processed.

      • is_interim boolean Required

        If true, this is an interim result. In other words, the results are calculated based on partial input data.

      • job_id string Required
      • Time unit for milliseconds

      • result_type string Required

        Internal. This value is always set to bucket.

      • timestamp number

        Time unit for milliseconds

      • timestamp_string string | number

        A date and time, either as a string whose format can depend on the context (defaulting to ISO 8601), or a number of milliseconds since the Epoch. Elasticsearch accepts both as input, but will generally output a string representation.

        One of:

        Time unit for milliseconds

    • count number Required

GET /_ml/anomaly_detectors/{job_id}/results/buckets/{timestamp}

GET _ml/anomaly_detectors/low_request_rate/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}

resp = client.ml.get_buckets(
    job_id="low_request_rate",
    anomaly_score=80,
    start="1454530200001",
)

const response = await client.ml.getBuckets({
  job_id: "low_request_rate",
  anomaly_score: 80,
  start: 1454530200001,
});

response = client.ml.get_buckets(
  job_id: "low_request_rate",
  body: {
    "anomaly_score": 80,
    "start": "1454530200001"
  }
)

$resp = $client->ml()->getBuckets([
    "job_id" => "low_request_rate",
    "body" => [
        "anomaly_score" => 80,
        "start" => "1454530200001",
    ],
]);

curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"anomaly_score":80,"start":"1454530200001"}' "$ELASTICSEARCH_URL/_ml/anomaly_detectors/low_request_rate/results/buckets"

Request example
An example body for a `GET _ml/anomaly_detectors/low_request_rate/results/buckets` request.
{
  "anomaly_score": 80,
  "start": "1454530200001"
}
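
The following is an added example, not code from the Elasticsearch documentation or clients. It pages through bucket results with the `page` body attribute, skips interim results, and ranks the remaining buckets for triage, reporting how far `anomaly_score` has moved from `initial_anomaly_score`. The `fetch` callable, `fake_fetch`, `SAMPLE` and the `clientip` influencer are constructed for illustration, and the code assumes `count` is the total number of matching buckets.

```python
from datetime import datetime, timezone

def build_body(min_score, start_ms, offset, size):
    # Uses only request-body fields documented on this page.
    return {"anomaly_score": min_score, "start": str(start_ms),
            "exclude_interim": True, "page": {"from": offset, "size": size}}

def fetch_all(fetch, min_score, start_ms, size=2):
    # `fetch` is hypothetical (body in, 200 response dict out); `count` is assumed to be the total.
    buckets, offset = [], 0
    while True:
        resp = fetch(build_body(min_score, start_ms, offset, size))
        buckets.extend(resp["buckets"])
        offset += len(resp["buckets"])
        if not resp["buckets"] or offset >= resp["count"]:
            return buckets

def triage(buckets):
    # Skip interim results, rank by current score; drift > 0 means the score rose after first processing.
    rows = []
    for b in buckets:
        if b["is_interim"]:
            continue
        rows.append({
            "time": datetime.fromtimestamp(b["timestamp"] / 1000, tz=timezone.utc).isoformat(),
            "score": b["anomaly_score"],
            "drift": round(b["anomaly_score"] - b["initial_anomaly_score"], 2),
            "influencers": sorted(i["influencer_field_name"]
                                  for i in b["bucket_influencers"]),
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def _bucket(ts, score, initial, interim=False, fields=("bucket_time",)):
    # Constructed sample bucket holding only the fields triage() reads.
    return {"timestamp": ts, "anomaly_score": score, "is_interim": interim,
            "initial_anomaly_score": initial,
            "bucket_influencers": [{"influencer_field_name": f} for f in fields]}
SAMPLE = [_bucket(1454530200000, 95.0, 95.0), _bucket(1454943900000, 94.2, 83.4),
          _bucket(1454944200000, 81.0, 90.0), _bucket(1454944500000, 85.5, 85.5, True),
          _bucket(1454944800000, 88.1, 80.0, fields=("bucket_time", "clientip")),
          _bucket(1454945100000, 40.0, 40.0)]

def fake_fetch(body):
    # Offline stand-in for the HTTP call; applies the documented filters locally.
    hits = [b for b in SAMPLE if b["anomaly_score"] >= body["anomaly_score"]
            and b["timestamp"] > int(body["start"])
            and not (body["exclude_interim"] and b["is_interim"])]
    p = body["page"]
    return {"count": len(hits), "buckets": hits[p["from"]:p["from"] + p["size"]]}
```

Calling `triage(fetch_all(fake_fetch, 80, 1454530200001))` returns the three qualifying sample buckets in descending score order; with a real client, replace `fake_fetch` with a function that sends the body to the endpoint shown above.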