Package co.elastic.clients.elasticsearch.ml

Class AnalysisConfig

java.lang.Object
co.elastic.clients.elasticsearch.ml.AnalysisConfig
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable
public class AnalysisConfig
extends java.lang.Object
implements JsonpSerializable
See Also:
API specification

  • Field Details

  • Method Details

    • of

      public static AnalysisConfig of​(java.util.function.Function<AnalysisConfig.Builder,​ObjectBuilder<AnalysisConfig>> fn)

    • bucketSpan

      public final java.lang.String bucketSpan()
      Required - The size of the interval that the analysis is aggregated into, typically between 5m and 1h. If the anomaly detection job uses a datafeed with aggregations, this value must be divisible by the interval of the date histogram aggregation.
      • @server_default 5m

      API name: bucket_span

    • categorizationAnalyzer

      @Nullable public final CategorizationAnalyzer categorizationAnalyzer()
      If categorization_field_name is specified, you can also define the analyzer that is used to interpret the categorization field. This property cannot be used at the same time as categorization_filters. The categorization analyzer specifies how the categorization_field is interpreted by the categorization process. The categorization_analyzer field can be specified either as a string or as an object. If it is a string it must refer to a built-in analyzer or one added by another plugin.

      API name: categorization_analyzer

    • categorizationFieldName

      @Nullable public final java.lang.String categorizationFieldName()
      If this property is specified, the values of the specified field will be categorized. The resulting categories must be used in a detector by setting by_field_name, over_field_name, or partition_field_name to the keyword mlcategory.

      API name: categorization_field_name

    • categorizationFilters

      public final java.util.List<java.lang.String> categorizationFilters()
      If categorization_field_name is specified, you can also define optional filters. This property expects an array of regular expressions. The expressions are used to filter out matching sequences from the categorization field values. You can use this functionality to fine tune the categorization by excluding sequences from consideration when categories are defined. For example, you can exclude SQL statements that appear in your log files. This property cannot be used at the same time as categorization_analyzer. If you only want to define simple regular expression filters that are applied prior to tokenization, setting this property is the easiest method. If you also want to customize the tokenizer or post-tokenization filtering, use the categorization_analyzer property instead and include the filters as pattern_replace character filters. The effect is exactly the same.

      API name: categorization_filters

    • detectors

      public final java.util.List<Detector> detectors()
      Required - Detector configuration objects specify which data fields a job analyzes. They also specify which analytical functions are used. You can specify multiple detectors for a job. If the detectors array does not contain at least one detector, no analysis can occur and an error is returned.

      API name: detectors

    • influencers

      public final java.util.List<java.lang.String> influencers()
      A comma separated list of influencer field names. Typically these can be the by, over, or partition fields that are used in the detector configuration. You might also want to use a field name that is not specifically named in a detector, but is available as part of the input data. When you use multiple detectors, the use of influencers is recommended as it aggregates results for each influencer entity.

      API name: influencers

    • modelPruneWindow

      @Nullable public final Time modelPruneWindow()
      Advanced configuration option. Affects the pruning of models that have not been updated for the given time duration. The value must be set to a multiple of the bucket_span. If set too low, important information may be removed from the model. Typically, set to 30d or longer. If not set, model pruning only occurs if the model memory status reaches the soft limit or the hard limit.

      API name: model_prune_window

    • latency

      @Nullable public final Time latency()
      The size of the window in which to expect data that is out of time order. If you specify a non-zero value, it must be greater than or equal to one second. NOTE: Latency is only applicable when you send data by using the post data API.

      API name: latency

    • multivariateByFields

      @Nullable public final java.lang.Boolean multivariateByFields()
      This functionality is reserved for internal use. It is not supported for use in customer environments and is not subject to the support SLA of official GA features. If set to true, the analysis will automatically find correlations between metrics for a given by field value and report anomalies when those correlations cease to hold. For example, suppose CPU and memory usage on host A is usually highly correlated with the same metrics on host B. Perhaps this correlation occurs because they are running a load-balanced application. If you enable this property, anomalies will be reported when, for example, CPU usage on host A is high and the value of CPU usage on host B is low. That is to say, you’ll see an anomaly when the CPU of host A is unusual given the CPU of host B. To use the multivariate_by_fields property, you must also specify by_field_name in your detector.

      API name: multivariate_by_fields

    • perPartitionCategorization

      @Nullable public final PerPartitionCategorization perPartitionCategorization()
      Settings related to how categorization interacts with partition fields.

      API name: per_partition_categorization

    • summaryCountFieldName

      @Nullable public final java.lang.String summaryCountFieldName()
      If this property is specified, the data that is fed to the job is expected to be pre-summarized. This property value is the name of the field that contains the count of raw data points that have been summarized. The same summary_count_field_name applies to all detectors in the job. NOTE: The summary_count_field_name property cannot be used with the metric function.

      API name: summary_count_field_name

    • serialize

      public void serialize​(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal​(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupAnalysisConfigDeserializer

      protected static void setupAnalysisConfigDeserializer​(ObjectDeserializer<AnalysisConfig.Builder> op)