Class AnalysisConfigRead
java.lang.Object
co.elastic.clients.elasticsearch.ml.AnalysisConfigRead
All Implemented Interfaces: JsonpSerializable
Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static final JsonpDeserializer<AnalysisConfigRead> | _DESERIALIZER | Json deserializer for AnalysisConfigRead |
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| final String | bucketSpan() | Required - The size of the interval that the analysis is aggregated into, typically between 5m and 1h. |
| final CategorizationAnalyzer | categorizationAnalyzer() | If categorization_field_name is specified, you can also define the analyzer that is used to interpret the categorization field. |
| final String | categorizationFieldName() | If this property is specified, the values of the specified field will be categorized. |
| | categorizationFilters() | If categorization_field_name is specified, you can also define optional filters. |
| final List<DetectorRead> | detectors() | Required - Detector configuration objects specify which data fields a job analyzes. |
| | influencers() | Required - A comma separated list of influencer field names. |
| final Time | latency() | The size of the window in which to expect data that is out of time order. |
| final Time | modelPruneWindow() | Advanced configuration option. |
| final Boolean | multivariateByFields() | This functionality is reserved for internal use. |
| static AnalysisConfigRead | of(Function<AnalysisConfigRead.Builder, ObjectBuilder<AnalysisConfigRead>> fn) | |
| | perPartitionCategorization() | Settings related to how categorization interacts with partition fields. |
| void | serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper) | Serialize this object to JSON. |
| protected void | serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper) | |
| protected static void | setupAnalysisConfigReadDeserializer(ObjectDeserializer<AnalysisConfigRead.Builder> op) | |
| final String | summaryCountFieldName() | If this property is specified, the data that is fed to the job is expected to be pre-summarized. |
| | toString() | |
Field Details
-
_DESERIALIZER
Json deserializer for AnalysisConfigRead
-
-
Method Details
-
of
public static AnalysisConfigRead of(Function<AnalysisConfigRead.Builder, ObjectBuilder<AnalysisConfigRead>> fn)
-
bucketSpan
Required - The size of the interval that the analysis is aggregated into, typically between 5m and 1h. If the anomaly detection job uses a datafeed with aggregations, this value must be divisible by the interval of the date histogram aggregation.
@server_default 5m
API name: bucket_span
-
categorizationAnalyzer
If categorization_field_name is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as categorization_filters. The categorization analyzer specifies how the categorization_field is interpreted by the categorization process. The categorization_analyzer field can be specified either as a string or as an object. If it is a string it must refer to a built-in analyzer or one added by another plugin.
API name: categorization_analyzer
-
categorizationFieldName
If this property is specified, the values of the specified field will be categorized. The resulting categories must be used in a detector by setting by_field_name, over_field_name, or partition_field_name to the keyword mlcategory.
API name: categorization_field_name
-
categorizationFilters
If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.
API name: categorization_filters
-
detectors
Required - Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.
API name: detectors
-
influencers
Required - A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.
API name: influencers
-
modelPruneWindow
Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the bucket_span. If set too low, important information may be removed from the model. Typically, set to 30d or longer. If not set, model pruning only occurs if the model memory status reaches the soft limit or the hard limit.
API name: model_prune_window
-
latency
The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is only applicable when you send data by using the post data API.
API name: latency
-
multivariateByFields
This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the multivariate_by_fields property, you must also specify by_field_name in your detector.
API name: multivariate_by_fields
-
perPartitionCategorization
Settings related to how categorization interacts with partition fields.
API name: per_partition_categorization
-
summaryCountFieldName
If this property is specified, the data that is fed to the job is expected to be pre-summarized. This property value is the name of the field that contains the count of raw data points that have been summarized. The same summary_count_field_name applies to all detectors in the job. NOTE: The summary_count_field_name property cannot be used with the metric function.
API name: summary_count_field_name
-
serialize
Serialize this object to JSON.
Specified by: serialize in interface JsonpSerializable
-
serializeInternal
-
toString
-
setupAnalysisConfigReadDeserializer
protected static void setupAnalysisConfigReadDeserializer(ObjectDeserializer<AnalysisConfigRead.Builder> op)
-
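Added example (not part of the Elastic Java client or its documentation): a Python lint over the JSON form of analysis_config, keyed by the API names above, that checks the cross-field rules stated in the method descriptions. The function names, the unit table, the detector "function" key and both sample configs are assumptions constructed for illustration.

```python
import re

# Units this sketch understands (an assumption; other units are not handled).
_UNITS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

def to_ms(value):
    """Convert a duration string such as '15m' or '30d' to milliseconds."""
    m = re.fullmatch(r"(\d+)(ms|s|m|h|d)", str(value).strip())
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def lint_analysis_config(cfg):
    """Return the documented analysis_config rules that cfg violates."""
    problems = []
    detectors = cfg.get("detectors") or []
    if not detectors:
        problems.append("detectors: at least one detector is required")
    span = to_ms(cfg.get("bucket_span", "5m"))  # 5m is the documented server default
    if "categorization_filters" in cfg and "categorization_analyzer" in cfg:
        problems.append("categorization_filters and categorization_analyzer are mutually exclusive")
    if "categorization_field_name" in cfg:
        keys = ("by_field_name", "over_field_name", "partition_field_name")
        if not any(d.get(k) == "mlcategory" for d in detectors for k in keys):
            problems.append("categorization_field_name: no detector uses mlcategory")
    if "model_prune_window" in cfg and to_ms(cfg["model_prune_window"]) % span:
        problems.append("model_prune_window must be a multiple of bucket_span")
    if "latency" in cfg and 0 < to_ms(cfg["latency"]) < 1000:
        problems.append("latency: a non-zero value must be at least 1s")
    if "summary_count_field_name" in cfg and any(d.get("function") == "metric" for d in detectors):
        problems.append("summary_count_field_name cannot be used with the metric function")
    if cfg.get("multivariate_by_fields") and not any(d.get("by_field_name") for d in detectors):
        problems.append("multivariate_by_fields requires by_field_name in a detector")
    return problems

# Constructed sample configs (not taken from any real job).
BAD = {
    "bucket_span": "15m",
    "detectors": [{"function": "metric", "field_name": "bytes", "by_field_name": "user.name"}],
    "influencers": ["user.name"],
    "categorization_field_name": "message",
    "categorization_filters": ["\\[SQL\\].*"],
    "categorization_analyzer": "standard",
    "model_prune_window": "100m",
    "latency": "500ms",
    "summary_count_field_name": "doc_count",
}
GOOD = {"bucket_span": "15m", "influencers": ["host.name"],
        "detectors": [{"function": "count", "by_field_name": "mlcategory"}],
        "categorization_field_name": "message", "categorization_filters": ["\\[SQL\\].*"],
        "model_prune_window": "30d", "latency": "0s"}
```

Running lint_analysis_config over job definitions before they are created surfaces conflicts such as a model_prune_window that is not a multiple of bucket_span, which are easy to miss when a detection job is edited by hand.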