WARNING: Version 5.6 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
The get categories API enables you to retrieve job results for one or more categories.
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories
GET _xpack/ml/anomaly_detectors/<job_id>/results/categories/<category_id>
For more information about categories, see Categorizing Log Messages.
job_id
- (string) Identifier for the job.
category_id
- (long) Identifier for the category. If you do not specify this optional parameter, the API returns information about all categories in the job.
page
  from
  - (integer) Skips the specified number of categories.
  size
  - (integer) Specifies the maximum number of categories to obtain.
The API returns the following information:
categories
- (array) An array of category objects. For more information, see Categories.
You must have monitor_ml, monitor, manage_ml, or manage cluster privileges to use this API. You also need read index privilege on the index that stores the results. The machine_learning_admin and machine_learning_user roles provide these privileges. For more information, see Security Privileges and Built-in Roles.
The following example gets information about one category for the it_ops_new_logs job:
GET _xpack/ml/anomaly_detectors/it_ops_new_logs/results/categories
{
  "page": {
    "size": 1
  }
}
In this example, the API returns the following information:
{
  "count": 11,
  "categories": [
    {
      "job_id": "it_ops_new_logs",
      "category_id": 1,
      "terms": "Actual Transaction Already Voided Reversed hostname dbserver.acme.com physicalhost esxserver1.acme.com vmhost app1.acme.com",
      "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed.+?hostname.+?dbserver.acme.com.+?physicalhost.+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
      "max_matching_length": 137,
      "examples": [
        "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com;physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
      ]
    }
  ]
}
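The following is an added example, not part of the Elasticsearch documentation: it applies the regex and max_matching_length fields of the category returned above to log lines outside the cluster, for instance when triaging an exported log file against known categories. The function names and sample lines are constructed for illustration, and treating max_matching_length as an upper bound on line length is an assumption of this example.

```python
import re

# Category object from the example response on this page ("terms" omitted).
RESPONSE = {
    "count": 11,
    "categories": [{
        "job_id": "it_ops_new_logs",
        "category_id": 1,
        "regex": ".*?Actual.+?Transaction.+?Already.+?Voided.+?Reversed"
                 ".+?hostname.+?dbserver.acme.com.+?physicalhost"
                 ".+?esxserver1.acme.com.+?vmhost.+?app1.acme.com.*",
        "max_matching_length": 137,
        "examples": [
            "Actual Transaction Already Voided / Reversed;hostname=dbserver.acme.com"
            ";physicalhost=esxserver1.acme.com;vmhost=app1.acme.com"
        ],
    }],
}

def compile_categories(response):
    """Return (category_id, compiled regex, max length) for each category."""
    return [(c["category_id"], re.compile(c["regex"]), c["max_matching_length"])
            for c in response["categories"]]

def categorize(line, compiled):
    """Return the id of the first category that matches line, else None."""
    for category_id, pattern, max_len in compiled:
        # Assumption: the regex ends in ".*", so it alone accepts arbitrarily
        # long lines; the length bound is what rejects them.
        if len(line) <= max_len and pattern.fullmatch(line):
            return category_id
    return None

def failing_examples(response):
    """Return ids of categories whose own examples are not matched back."""
    compiled = compile_categories(response)
    return [c["category_id"] for c in response["categories"]
            if any(categorize(e, compiled) != c["category_id"]
                   for e in c["examples"])]

# Constructed log lines (not from the page): a near-variant of the example,
# an unrelated message, and the example padded beyond max_matching_length.
EXAMPLE = RESPONSE["categories"][0]["examples"][0]
SAMPLES = [EXAMPLE.replace("/", "-"), "Login failed;hostname=web01.acme.com",
           EXAMPLE + ";note=" + "x" * 40]

if __name__ == "__main__":
    cats = compile_categories(RESPONSE)
    for sample in SAMPLES:
        print(categorize(sample, cats), sample[:60])
```

The dots in the host names are unescaped in the returned regex, so each one matches any character; use the pattern for grouping similar messages, not for exact host matching.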