Package co.elastic.clients.elasticsearch.ml

Class AnalysisConfig.Builder

java.lang.Object
co.elastic.clients.util.ObjectBuilderBase
co.elastic.clients.util.WithJsonObjectBuilderBase<AnalysisConfig.Builder>
co.elastic.clients.elasticsearch.ml.AnalysisConfig.Builder
All Implemented Interfaces:
WithJson<AnalysisConfig.Builder>, ObjectBuilder<AnalysisConfig>
Enclosing class:
AnalysisConfig
public static class AnalysisConfig.Builder extends WithJsonObjectBuilderBase<AnalysisConfig.Builder> implements ObjectBuilder<AnalysisConfig>
Builder for AnalysisConfig.

  • Constructor Details

    • Builder

      public Builder()

  • Method Details

    • bucketSpan

      public final AnalysisConfig.Builder bucketSpan(@Nullable Time value)
      The size of the interval that the analysis is aggregated into, typically between 5m and 1h. This value should be either a whole number of days or equate to a whole number of buckets in one day. If the anomaly detection job uses a datafeed with aggregations, this value must also be divisible by the interval of the date histogram aggregation.

      API name: bucket_span

    • bucketSpan

      public final AnalysisConfig.Builder bucketSpan(Function<Time.Builder,ObjectBuilder<Time>> fn)
      The size of the interval that the analysis is aggregated into, typically between 5m and 1h. This value should be either a whole number of days or equate to a whole number of buckets in one day. If the anomaly detection job uses a datafeed with aggregations, this value must also be divisible by the interval of the date histogram aggregation.

      API name: bucket_span

    • categorizationAnalyzer

      public final AnalysisConfig.Builder categorizationAnalyzer(@Nullable CategorizationAnalyzer value)
      If categorization_field_name is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as categorization_filters. The categorization analyzer specifies how the categorization_field is interpreted by the categorization process. The categorization_analyzer field can be specified either as a string or as an object. If it is a string, it must refer to a built-in analyzer or one added by another plugin.

      API name: categorization_analyzer

    • categorizationAnalyzer

      public final AnalysisConfig.Builder categorizationAnalyzer(Function<CategorizationAnalyzer.Builder,ObjectBuilder<CategorizationAnalyzer>> fn)
      If categorization_field_name is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as categorization_filters. The categorization analyzer specifies how the categorization_field is interpreted by the categorization process. The categorization_analyzer field can be specified either as a string or as an object. If it is a string, it must refer to a built-in analyzer or one added by another plugin.

      API name: categorization_analyzer

    • categorizationFieldName

      public final AnalysisConfig.Builder categorizationFieldName(@Nullable String value)
      If this property is specified, the values of the specified field will be categorized. The resulting categories must be used in a detector by setting by_field_name, over_field_name, or partition_field_name to the keyword mlcategory.

      API name: categorization_field_name

    • categorizationFilters

      public final AnalysisConfig.Builder categorizationFilters(List<String> list)
      If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.

      API name: categorization_filters

      Adds all elements of list to categorizationFilters.

    • categorizationFilters

      public final AnalysisConfig.Builder categorizationFilters(String value, String... values)
      If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.

      API name: categorization_filters

      Adds one or more values to categorizationFilters.

    • detectors

      public final AnalysisConfig.Builder detectors(List<Detector> list)
      Required - Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.

      API name: detectors

      Adds all elements of list to detectors.

    • detectors

      public final AnalysisConfig.Builder detectors(Detector value, Detector... values)
      Required - Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.

      API name: detectors

      Adds one or more values to detectors.

    • detectors

      public final AnalysisConfig.Builder detectors(Function<Detector.Builder,ObjectBuilder<Detector>> fn)
      Required - Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.

      API name: detectors

      Adds a value to detectors using a builder lambda.

    • influencers

      public final AnalysisConfig.Builder influencers(List<String> list)
      A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.

      API name: influencers

      Adds all elements of list to influencers.

    • influencers

      public final AnalysisConfig.Builder influencers(String value, String... values)
      A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.

      API name: influencers

      Adds one or more values to influencers.

    • latency

      public final AnalysisConfig.Builder latency(@Nullable Time value)
      The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is applicable only when you send data by using the post data API.

      API name: latency

    • latency

      public final AnalysisConfig.Builder latency(Function<Time.Builder,ObjectBuilder<Time>> fn)
      The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is applicable only when you send data by using the post data API.

      API name: latency

    • modelPruneWindow

      public final AnalysisConfig.Builder modelPruneWindow(@Nullable Time value)
      Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the bucket_span. If set too low, important information may be removed from the model. For jobs created in 8.1 and later, the default value is the greater of 30d or 20 times bucket_span.

      API name: model_prune_window

    • modelPruneWindow

      public final AnalysisConfig.Builder modelPruneWindow(Function<Time.Builder,ObjectBuilder<Time>> fn)
      Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the bucket_span. If set too low, important information may be removed from the model. For jobs created in 8.1 and later, the default value is the greater of 30d or 20 times bucket_span.

      API name: model_prune_window

    • multivariateByFields

      public final AnalysisConfig.Builder multivariateByFields(@Nullable Boolean value)
      This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the multivariate_by_fields property, you must also specify by_field_name in your detector.

      API name: multivariate_by_fields

    • perPartitionCategorization

      public final AnalysisConfig.Builder perPartitionCategorization(@Nullable PerPartitionCategorization value)
      Settings related to how categorization interacts with partition fields.

      API name: per_partition_categorization

    • perPartitionCategorization

      public final AnalysisConfig.Builder perPartitionCategorization(Function<PerPartitionCategorization.Builder,ObjectBuilder<PerPartitionCategorization>> fn)
      Settings related to how categorization interacts with partition fields.

      API name: per_partition_categorization

    • summaryCountFieldName

      public final AnalysisConfig.Builder summaryCountFieldName(@Nullable String value)
      If this property is specified, the data that is fed to the job is expected to be pre-summarized. This property value is the name of the field that contains the count of raw data points that have been summarized. The same summary_count_field_name applies to all detectors in the job. NOTE: The summary_count_field_name property cannot be used with the metric function.

      API name: summary_count_field_name

    • self

      protected AnalysisConfig.Builder self()
      Specified by:
      self in class WithJsonObjectBuilderBase<AnalysisConfig.Builder>

    • build

      public AnalysisConfig build()
      Builds a AnalysisConfig.
      Specified by:
      build in interface ObjectBuilder<AnalysisConfig>
      Throws:
      NullPointerException - if some of the required fields are null.