TomonoriSoejima / Tejun

notes related to working cases

ML repro step #35

Open TomonoriSoejima opened 4 years ago

TomonoriSoejima commented 4 years ago

This works in 7.8.0:


PUT _ml/anomaly_detectors/tomo3
{
  "job_id": "tomo3",
  "job_type": "anomaly_detector",
  "description": "",
  "analysis_config": {
    "bucket_span": "15m",
    "summary_count_field_name": "bytesSent",
    "detectors": [
      {
        "function": "mean",
        "field_name": "bytesSent",
        "detector_description": "mean(bytesSent)"
      }
    ],
    "influencers": []
  },
  "analysis_limits": {
    "model_memory_limit": "11MB"
  },
  "data_description": {
    "time_field": "@timestamp",
    "time_format": "epoch_ms"
  },
  "model_plot_config": {
    "enabled": false,
    "annotations_enabled": false
  },
  "model_snapshot_retention_days": 10,
  "daily_model_snapshot_retention_after_days": 1,
  "allow_lazy_open": false,
  "groups": [],
  "results_index_name": "tomo3"
}

PUT _ml/datafeeds/datafeed-tomo3
{
  "indices": [
    "user-activity"
  ],
  "query": {
    "bool": {
      "must": [
        {
          "match_all": {}
        }
      ]
    }
  },
  "scroll_size": 1000,
  "chunking_config": {
    "mode": "auto"
  },
  "delayed_data_check_config": {
    "enabled": true
  },
  "indices_options": {
    "expand_wildcards": [
      "open"
    ],
    "ignore_unavailable": false,
    "allow_no_indices": true,
    "ignore_throttled": true
  },
  "job_id": "tomo3",
  "datafeed_id": "datafeed-tomo3"
}
TomonoriSoejima commented 4 years ago

PUT _ml/anomaly_detectors/koreyo2
{
  "job_id": "koreyo2",
  "job_type": "anomaly_detector",
  "job_version": "7.4.2",
  "description": "dpm",
  "analysis_config": {
        "summary_count_field_name": "doc_count",
    "bucket_span": "5m",
    "detectors": [
      {
        "function": "high_info_content",
        "field_name": "subdomain",
        "over_field_name": "highest_registered_domain",
        "custom_rules": [
          {
            "actions": [
              "skip_result"
            ],
            "scope": {
              "highest_registered_domain": {
                "filter_id": "safe_domains",
                "filter_type": "include"
              }
            }
          }
        ]
      }
    ]
  },
  "data_description": {
    "time_field": "timestamp"
  }
}

PUT _ml/datafeeds/datafeed-koreyo2
{
  "job_id": "koreyo2",
  "query_delay": "119024ms",
  "indices": [
    "user-activity"
  ],
  "query": {
    "bool": {
      "must": [
        {
          "match_all": {}
        }
      ]
    }
  },
  "aggregations": {
    "buckets": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "300000ms"
      },
      "aggregations": {
        "bytesSent": {
          "avg": {
            "field": "bytesSent"
          }
        },
        "@timestamp": {
          "max": {
            "field": "@timestamp"
          }
        }
      }
    }
  },
  "scroll_size": 1000,
  "chunking_config": {
    "mode": "manual",
    "time_span": "90000000ms"
  },
  "delayed_data_check_config": {
    "enabled": true
  }
}
TomonoriSoejima commented 4 years ago

In 7.4.1 I get the error below if the datafeed request contains `indices_options` (the request fragment is shown first, then the error response):

  "indices_options": {
    "expand_wildcards": [
      "open"
    ],
    "ignore_unavailable": false,
    "allow_no_indices": true,
    "ignore_throttled": true
  }
  "error": {
    "root_cause": [
      {
        "type": "x_content_parse_exception",
        "reason": "[21:3] [datafeed_config] unknown field [indices_options], parser not found"
      }
    ],
    "type": "x_content_parse_exception",
    "reason": "[21:3] [datafeed_config] unknown field [indices_options], parser not found"
  },
  "status": 400
}