Docs
-->
Elasticsearch Reference [7.0] » X-Pack APIs » Machine learning APIs » Get buckets API
«  Get calendars API     Get overall buckets API  »

Get buckets API

Retrieves job results for one or more buckets.

Request

GET _ml/anomaly_detectors/<job_id>/results/buckets

GET _ml/anomaly_detectors/<job_id>/results/buckets/<timestamp>

Description

The get buckets API presents a chronological view of the records, grouped by bucket.

Path Parameters

job_id
(string) Identifier for the job
timestamp
(string) The timestamp of a single bucket result. If you do not specify this optional parameter, the API returns information about all buckets.

Request Body

anomaly_score
(double) Returns buckets with anomaly scores greater or equal than this value.
desc
(boolean) If true, the buckets are sorted in descending order.
end
(string) Returns buckets with timestamps earlier than this time.
exclude_interim
(boolean) If true, the output excludes interim results. By default, interim results are included.
expand
(boolean) If true, the output includes anomaly records.
page
from
(integer) Skips the specified number of buckets.
size
(integer) Specifies the maximum number of buckets to obtain.
sort
(string) Specifies the sort field for the requested buckets. By default, the buckets are sorted by the timestamp field.
start
(string) Returns buckets with timestamps after this time.

Results

The API returns the following information:

buckets
(array) An array of bucket objects. For more information, see Buckets.

Authorization

You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.

Examples

The following example gets bucket information for the it-ops-kpi job:

GET _ml/anomaly_detectors/it-ops-kpi/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}

In this example, the API returns a single result that matches the specified score and time constraints:

{
  "count": 1,
  "buckets": [
    {
      "job_id": "it-ops-kpi",
      "timestamp": 1454943900000,
      "anomaly_score": 94.1706,
      "bucket_span": 300,
      "initial_anomaly_score": 94.1706,
      "event_count": 153,
      "is_interim": false,
      "bucket_influencers": [
        {
          "job_id": "it-ops-kpi",
          "result_type": "bucket_influencer",
          "influencer_field_name": "bucket_time",
          "initial_anomaly_score": 94.1706,
          "anomaly_score": 94.1706,
          "raw_anomaly_score": 2.32119,
          "probability": 0.00000575042,
          "timestamp": 1454943900000,
          "bucket_span": 300,
          "is_interim": false
        }
      ],
      "processing_time_ms": 2,
      "partition_scores": [],
      "result_type": "bucket"
    }
  ]
}
«  Get calendars API     Get overall buckets API  »