Class PutDatafeedRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.ml.PutDatafeedRequest
All Implemented Interfaces:
JsonpSerializable

@JsonpDeserializable
public class PutDatafeedRequest
extends RequestBase
implements JsonpSerializable
Instantiates a datafeed. Datafeeds retrieve data from Elasticsearch for analysis by an anomaly detection job. You can associate only one datafeed with each anomaly detection job. The datafeed contains a query that runs at a defined interval (frequency). If you are concerned about delayed data, you can add a delay (query_delay) at each interval. When Elasticsearch security features are enabled, your datafeed remembers which roles the user who created it had at the time of creation and runs the query using those same roles. If you provide secondary authorization headers, those credentials are used instead. You must use Kibana, this API, or the create anomaly detection jobs API to create a datafeed. Do not add a datafeed directly to the .ml-config index. Do not give users write privileges on the .ml-config index.
See Also:
API specification
  • Field Details

  • Method Details

    • of

      public static PutDatafeedRequest of(java.util.function.Function<PutDatafeedRequest.Builder, ObjectBuilder<PutDatafeedRequest>> fn)
    • aggregations

      public final java.util.Map<java.lang.String, Aggregation> aggregations()
      If set, the datafeed performs aggregation searches. Support for aggregations is limited and should be used only with low cardinality data.

      API name: aggregations

    • allowNoIndices

      @Nullable public final java.lang.Boolean allowNoIndices()
      If true, wildcard indices expressions that resolve into no concrete indices are ignored. This includes the _all string or when no indices are specified.

      API name: allow_no_indices

    • chunkingConfig

      @Nullable public final ChunkingConfig chunkingConfig()
      Datafeeds might be required to search over long time periods, for several months or years. This search is split into time chunks in order to ensure the load on Elasticsearch is managed. Chunking configuration controls how the size of these time chunks is calculated; it is an advanced configuration option.

      API name: chunking_config

    • datafeedId

      public final java.lang.String datafeedId()
      Required - A numerical character string that uniquely identifies the datafeed. This identifier can contain lowercase alphanumeric characters (a-z and 0-9), hyphens, and underscores. It must start and end with alphanumeric characters.

      API name: datafeed_id

    • delayedDataCheckConfig

      @Nullable public final DelayedDataCheckConfig delayedDataCheckConfig()
      Specifies whether the datafeed checks for missing data and the size of the window. The datafeed can optionally search over indices that have already been read in an effort to determine whether any data has subsequently been added to the index. If missing data is found, it is a good indication that the query_delay is set too low and the data is being indexed after the datafeed has passed that moment in time. This check runs only on real-time datafeeds.

      API name: delayed_data_check_config

    • expandWildcards

      public final java.util.List<ExpandWildcard> expandWildcards()
      Type of index that wildcard patterns can match. If the request can target data streams, this argument determines whether wildcard expressions match hidden data streams. Supports comma-separated values.

      API name: expand_wildcards

    • frequency

      @Nullable public final Time frequency()
      The interval at which scheduled queries are made while the datafeed runs in real time. The default value is either the bucket span for short bucket spans, or, for longer bucket spans, a sensible fraction of the bucket span. When frequency is shorter than the bucket span, interim results for the last (partial) bucket are written then eventually overwritten by the full bucket results. If the datafeed uses aggregations, this value must be divisible by the interval of the date histogram aggregation.

      API name: frequency

    • headers

      public final java.util.Map<java.lang.String, java.util.List<java.lang.String>> headers()
      API name: headers
    • ignoreThrottled

      @Deprecated @Nullable public final java.lang.Boolean ignoreThrottled()
      Deprecated.
      7.16.0
      If true, concrete, expanded, or aliased indices are ignored when frozen.

      API name: ignore_throttled

    • ignoreUnavailable

      @Nullable public final java.lang.Boolean ignoreUnavailable()
      If true, unavailable indices (missing or closed) are ignored.

      API name: ignore_unavailable

    • indices

      public final java.util.List<java.lang.String> indices()
      An array of index names. Wildcards are supported. If any of the indices are in remote clusters, the machine learning nodes must have the remote_cluster_client role.

      API name: indices

    • indicesOptions

      @Nullable public final IndicesOptions indicesOptions()
      Specifies index expansion options that are used during search.

      API name: indices_options

    • jobId

      @Nullable public final java.lang.String jobId()
      Identifier for the anomaly detection job.

      API name: job_id

    • maxEmptySearches

      @Nullable public final java.lang.Integer maxEmptySearches()
      If a real-time datafeed has never seen any data (including during any initial training period), it automatically stops and closes the associated job after this many real-time searches return no documents. In other words, it stops after frequency times max_empty_searches of real-time operation. If not set, a datafeed with no end time that sees no data remains started until it is explicitly stopped. By default, it is not set.

      API name: max_empty_searches

    • query

      @Nullable public final Query query()
      The Elasticsearch query domain-specific language (DSL). This value corresponds to the query object in an Elasticsearch search POST body. All the options that are supported by Elasticsearch can be used, as this object is passed verbatim to Elasticsearch.

      API name: query

    • queryDelay

      @Nullable public final Time queryDelay()
      The number of seconds behind real time that data is queried. For example, if data from 10:04 a.m. might not be searchable in Elasticsearch until 10:06 a.m., set this property to 120 seconds. The default value is randomly selected between 60s and 120s. This randomness improves the query performance when there are multiple jobs running on the same node.

      API name: query_delay

    • runtimeMappings

      public final java.util.Map<java.lang.String, java.util.List<RuntimeField>> runtimeMappings()
      Specifies runtime fields for the datafeed search.

      API name: runtime_mappings

    • scriptFields

      public final java.util.Map<java.lang.String, ScriptField> scriptFields()
      Specifies scripts that evaluate custom expressions and return script fields to the datafeed. The detector configuration objects in a job can contain functions that use these script fields.

      API name: script_fields

    • scrollSize

      @Nullable public final java.lang.Integer scrollSize()
      The size parameter that is used in Elasticsearch searches when the datafeed does not use aggregations. The maximum value is the value of index.max_result_window, which is 10,000 by default.

      API name: scroll_size

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable
    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
    • setupPutDatafeedRequestDeserializer

      protected static void setupPutDatafeedRequestDeserializer(ObjectDeserializer<PutDatafeedRequest.Builder> op)
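
The following is an added example, not part of the generated Javadoc or the client's own code. It checks a datafeed_id against the rule given under datafeedId, builds a request with explicit index resolution settings, and serializes the body offline for review. The index name, field name, job and datafeed identifiers, the interval values and the class name are constructed for illustration; it assumes the Java API client and its Jackson mapper are on the classpath.

```java
import co.elastic.clients.elasticsearch.ml.PutDatafeedRequest;
import co.elastic.clients.json.JsonpMapper;
import co.elastic.clients.json.jackson.JacksonJsonpMapper;
import jakarta.json.stream.JsonGenerator;
import java.io.StringWriter;
import java.util.regex.Pattern;

public class DatafeedRequestExample {
    // Rule from the datafeedId() description: lowercase a-z, 0-9, hyphens and
    // underscores; must start and end with an alphanumeric character.
    private static final Pattern DATAFEED_ID =
        Pattern.compile("[a-z0-9](?:[a-z0-9_-]*[a-z0-9])?");

    static PutDatafeedRequest build(String datafeedId, String jobId) {
        if (!DATAFEED_ID.matcher(datafeedId).matches()) {
            throw new IllegalArgumentException("invalid datafeed_id: " + datafeedId);
        }
        return PutDatafeedRequest.of(b -> b
            .datafeedId(datafeedId)              // path parameter
            .jobId(jobId)
            .indices("auth-logs-2024")           // constructed name, no wildcard
            .allowNoIndices(false)               // reject patterns that resolve to nothing
            .ignoreUnavailable(false)            // reject missing or closed indices
            .query(q -> q.exists(e -> e.field("user.name"))) // constructed field
            .queryDelay(t -> t.time("120s"))     // the 10:04 -> 10:06 case from queryDelay()
            .frequency(t -> t.time("150s"))
            .maxEmptySearches(10)                // stops after 10 x 150s with no documents
            .scrollSize(1000));                  // below the default index.max_result_window
    }

    // Writes the JSON request body using the serialize() method documented above.
    static String toJson(PutDatafeedRequest request) {
        JsonpMapper mapper = new JacksonJsonpMapper();
        StringWriter out = new StringWriter();
        try (JsonGenerator gen = mapper.jsonProvider().createGenerator(out)) {
            request.serialize(gen, mapper);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(toJson(build("datafeed-auth-logs", "auth-logs-job")));
    }
}
```

Sending the request (for example through the client's ml() namespace) creates the datafeed with the roles of the authenticating user, as the class description notes, so build and submit it with an account scoped to the indices the datafeed should read.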