From 9a751638a2aa9909de19a320274bb4a19a0fb9d3 Mon Sep 17 00:00:00 2001 From: Valeriy Khakhutskyy <1292899+valeriy42@users.noreply.github.com> Date: Fri, 28 Oct 2022 15:05:49 +0200 Subject: [PATCH 1/3] update documentation text --- .../anomaly-detection/apis/get-record.asciidoc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc index c0d8da0dc4cdc..6cf35d78e57d6 100644 --- a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc +++ b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc @@ -113,7 +113,8 @@ initial anomaly score. [%collapsible%open] ==== `anomaly_characteristics_impact`:::: -(Optional, integer) Impact of the statistical properties of the detected anomalous interval. +(Optional, integer) Impact from the duration and magnitude of the detected anomaly +relative to the historical average. `anomaly_length`:::: (Optional, integer) Length of the detected anomaly in the number of buckets. @@ -122,19 +123,23 @@ initial anomaly score. (Optional, string) Type of the detected anomaly: spike or dip. `high_variance_penalty`:::: -(Optional, boolean) Indicates reduction of anomaly score for the bucket with large confidence intervals. +(Optional, boolean) Indicates reduction of anomaly score for the bucket with large +confidence intervals. If a bucket has large confidence intervals, the score is reduced. `incomplete_bucket_penalty`:::: -(Optional, boolean) Indicates reduction of anomaly score if the bucket contains fewer samples than historically expected. +(Optional, boolean) If the bucket contains fewer samples than expected, the score is +reduced. If the bucket contains fewer samples than expected, the score is reduced. `lower_confidence_bound`:::: (Optional, double) Lower bound of the 95% confidence interval. `multi_bucket_impact`:::: -(Optional, integer) Impact of the deviation between actual and typical in the past 12 buckets." +(Optional, integer) Impact of the deviation between actual and typical values in the +past 12 buckets. `single_bucket_impact`:::: -(Optional, integer) Impact of the deviation between actual and typical in the current bucket. +(Optional, integer) Impact of the deviation between actual and typical values in the +current bucket. `typical_value`:::: (Optional, double) Typical (expected) value for this bucket. @@ -161,7 +166,8 @@ This property contains an array of anomaly records that are the causes for the anomaly that has been identified for the over field. If no over fields exist, this field is not present. This sub-resource contains the most anomalous records for the `over_field_name`. For scalability reasons, a maximum of the 10 most -significant causes of the anomaly are returned. As part of the core analytical modeling, these low-level anomaly records are aggregated for their parent over +significant causes of the anomaly are returned. As part of the core analytical +modeling, these low-level anomaly records are aggregated for their parent over field record. The causes resource contains similar elements to the record resource, namely `actual`, `typical`, `geo_results.actual_point`, `geo_results.typical_point`, `*_field_name` and `*_field_value`. Probability and From a464b9841eeb22c7b0f2ca0f2ca7aca18f622d03 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 1 Nov 2022 11:48:08 -0700 Subject: [PATCH 2/3] [DOCS] Add missing role attributes --- docs/reference/ml/anomaly-detection/apis/get-record.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc index 6cf35d78e57d6..648f95c5484f0 100644 --- a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc +++ b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc @@ -76,6 +76,7 @@ default, the records are sorted by the `record_score` value. (Optional, string) Returns records with timestamps after this time. Defaults to `-1`, which means it is unset and results are not limited to specific timestamps. +[role="child_attributes"] [[ml-get-record-request-body]] == {api-request-body-title} @@ -96,6 +97,7 @@ You can also specify the query parameters in the request body; the exception are to `100`. ==== +[role="child_attributes"] [[ml-get-record-results]] == {api-response-body-title} From 1b7063688f174bd3094ad4cb0132e784e8a22b9f Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 1 Nov 2022 12:58:32 -0700 Subject: [PATCH 3/3] [DOCS] Fix alphabetical sorting of properties --- .../ml/anomaly-detection/apis/get-record.asciidoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc index 648f95c5484f0..16c3c3705c19f 100644 --- a/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc +++ b/docs/reference/ml/anomaly-detection/apis/get-record.asciidoc @@ -217,6 +217,12 @@ include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=is-interim] (string) include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=job-id-anomaly-detection] +`multi_bucket_impact`:: +(number) An indication of how strongly an anomaly is multi bucket or single +bucket. The value is on a scale of `-5.0` to `+5.0` where `-5.0` means the +anomaly is purely single bucket and `+5.0` means the anomaly is purely multi +bucket. + `over_field_name`:: (string) include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=over-field-name] @@ -237,12 +243,6 @@ include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=partition-field-name] of over 300 decimal places, so the `record_score` is provided as a human-readable and friendly interpretation of this. -`multi_bucket_impact`:: -(number) An indication of how strongly an anomaly is multi bucket or single -bucket. The value is on a scale of `-5.0` to `+5.0` where `-5.0` means the -anomaly is purely single bucket and `+5.0` means the anomaly is purely multi -bucket. - `record_score`:: (number) A normalized score between 0-100, which is based on the probability of the anomalousness of this record. Unlike `initial_record_score`, this value will