@richcollier
Last active November 14, 2022 21:53
#record farequote watch with link to Single Metric Viewer
POST _xpack/watcher/watch/_execute
{
  "watch": {
    "trigger": {
      "schedule": {
        "interval": "5m"
      }
    },
    "metadata": {
      "job_id": "farequote_responsetime",
      "min_record_score": 90
    },
    "input": {
      "search": {
        "request": {
          "indices": [
            ".ml-anomalies-*"
          ],
          "body": {
            "query": {
              "bool": {
                "filter": [
                  {
                    "range": {
                      "timestamp": {
                        "gte": "now-10m"
                      }
                    }
                  },
                  {
                    "term": {
                      "result_type": "record"
                    }
                  },
                  {
                    "term": {
                      "job_id": "{{ctx.metadata.job_id}}"
                    }
                  },
                  {
                    "range": {
                      "record_score": {
                        "gte": "{{ctx.metadata.min_record_score}}"
                      }
                    }
                  }
                ]
              }
            },
            "script_fields": {
              "start": {
                "script": {
                  "lang": "painless",
                  "source": """
                    LocalDateTime.ofEpochSecond((doc["timestamp"].value.getMillis()-((doc["bucket_span"].value * 1000) * params.padding)) / 1000, 0, ZoneOffset.UTC).toString()+":00.000Z"
                  """,
                  "params": {
                    "padding": 10
                  }
                }
              },
              "end": {
                "script": {
                  "lang": "painless",
                  "source": """
                    LocalDateTime.ofEpochSecond((doc["timestamp"].value.getMillis()+((doc["bucket_span"].value * 1000) * params.padding)) / 1000, 0, ZoneOffset.UTC).toString()+":00.000Z"
                  """,
                  "params": {
                    "padding": 10
                  }
                }
              },
              "timestamp_epoch": {
                "script": {
                  "lang": "painless",
                  "source": """doc["timestamp"].value.getMillis()/1000"""
                }
              },
              "timestamp_iso8601": {
                "script": {
                  "lang": "painless",
                  "source": """doc["timestamp"].value"""
                }
              },
              "split": {
                "script": {
                  "lang": "painless",
                  "source": """doc["partition_field_value"]"""
                }
              },
              "actual": {
                "script": {
                  "lang": "painless",
                  "source": """Math.round(doc["actual"].value)"""
                }
              },
              "typical": {
                "script": {
                  "lang": "painless",
                  "source": """Math.round(doc["typical"].value)"""
                }
              },
              "score": {
                "script": {
                  "lang": "painless",
                  "source": """Math.round(doc["record_score"].value)"""
                }
              }
            }
          }
        }
      }
    },
    "condition": {
      "compare": {
        "ctx.payload.hits.total": {
          "gt": 0
        }
      }
    },
    "actions": {
      "log": {
        "transform": {
          "script": """
            return ctx.payload.hits.hits.stream()
              .map(p -> [
                'airline':p.fields.split.0,
                'score':p.fields.score.0,
                'actual':p.fields.actual.0,
                'typical':p.fields.typical.0,
                'timestamp':p.fields.timestamp_iso8601.0,
                'start':p.fields.start.0,
                'end':p.fields.end.0
              ])
              .collect(Collectors.toList());
          """
        },
        "logging": {
          "text": """
Anomalies:
==========
{{#ctx.payload._value}}
time={{timestamp}}
airline={{airline}}
score={{score}} (out of 100)
responsetime={{actual}}ms (typical={{typical}}ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!({{ctx.metadata.job_id}})),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'{{start}}',mode:absolute,to:'{{end}}'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:{{airline}})),query:(query_string:(analyze_wildcard:!t,query:'*')))
{{/ctx.payload._value}}
"""
        }
      }
    }
  }
}
@richcollier
Author

Example output:

Anomalies:
==========

time=2017-02-09T16:00:00.000Z 
airline=AAL 
score=99 (out of 100) 
responsetime=242ms (typical=100ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!(farequote_responsetime)),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-09T13:30:00.000Z',mode:absolute,to:'2017-02-09T18:30:00.000Z'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:AAL)),query:(query_string:(analyze_wildcard:!t,query:'*')))

time=2017-02-09T16:15:00.000Z 
airline=AAL 
score=97 (out of 100) 
responsetime=282ms (typical=100ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!(farequote_responsetime)),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-09T13:45:00.000Z',mode:absolute,to:'2017-02-09T18:45:00.000Z'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:AAL)),query:(query_string:(analyze_wildcard:!t,query:'*')))

@richcollier
Author

If the minimum record score is changed to 5, then the results would be:

Anomalies:
==========
time=2017-02-09T16:00:00.000Z 
airline=AAL 
score=99 (out of 100) 
responsetime=242ms (typical=100ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!(farequote_responsetime)),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-09T13:30:00.000Z',mode:absolute,to:'2017-02-09T18:30:00.000Z'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:AAL)),query:(query_string:(analyze_wildcard:!t,query:'*')))
time=2017-02-09T16:15:00.000Z 
airline=AAL 
score=97 (out of 100) 
responsetime=282ms (typical=100ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!(farequote_responsetime)),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-09T13:45:00.000Z',mode:absolute,to:'2017-02-09T18:45:00.000Z'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:AAL)),query:(query_string:(analyze_wildcard:!t,query:'*')))
time=2017-02-09T01:15:00.000Z 
airline=AWE 
score=7 (out of 100) 
responsetime=19ms (typical=20ms)
link= http://localhost:5601/app/ml#/timeseriesexplorer/?_g=(ml:(jobIds:!(farequote_responsetime)),refreshInterval:(display:Off,pause:!f,value:0),time:(from:'2017-02-08T22:45:00.000Z',mode:absolute,to:'2017-02-09T03:45:00.000Z'))&_a=(filters:!(),mlSelectInterval:(interval:(display:Auto,val:auto)),mlSelectSeverity:(threshold:(display:warning,val:0)),mlTimeSeriesExplorer:(detectorIndex:0,entities:(airline:AWE)),query:(query_string:(analyze_wildcard:!t,query:'*')))

@slokeshwar

slokeshwar commented Mar 2, 2021

Hello Richcollier,
I have a small doubt: I need to fetch the Influenced By value also. How can I get this value in the output? (For your reference I am attaching the screenshot also.) I am eagerly waiting for your reply.
[Screenshot: Influencer]

@richcollier
Author

If you've created a job and declared influencers, and if those influencers show in the record results, you can just reference them by name. Look at the document for results_type:record in .ml-anomalies-* and you'll see what I mean. For example:

image
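
An added example, not part of the gist or of the author's replies: a Python mirror of the watch's `start`/`end` script fields that also pulls the influencers out of a record result. The function names and the sample record are constructed for illustration; the record layout (`influencers` as a list of `influencer_field_name` / `influencer_field_values` objects, `actual` and `typical` as arrays) follows the ML record result format.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
PADDING = 10  # same "padding" param as the watch's start/end script fields

def iso_ms(dt):
    """Format a UTC datetime as yyyy-MM-ddTHH:mm:ss.SSSZ, seconds always present."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def viewer_window(timestamp_ms, bucket_span_s, padding=PADDING):
    """Return (start, end) = timestamp -/+ bucket_span * padding, as in the watch.

    The Painless version appends ":00.000Z" to LocalDateTime.toString(), which
    only yields a valid timestamp when the seconds part is zero; formatting
    explicitly avoids that failure for non-minute-aligned buckets.
    """
    center = EPOCH + timedelta(milliseconds=timestamp_ms)
    pad = timedelta(seconds=bucket_span_s * padding)
    return iso_ms(center - pad), iso_ms(center + pad)

def influencers_of(record):
    """Flatten the record's "influencers" array into {field_name: [values]}."""
    return {i["influencer_field_name"]: list(i["influencer_field_values"])
            for i in record.get("influencers", [])}

def summarize(record):
    """Build the per-anomaly fields the watch logs, plus influencers."""
    start, end = viewer_window(record["timestamp"], record["bucket_span"])
    return {
        "airline": record.get("partition_field_value"),
        "score": round(record["record_score"]),
        "actual": round(record["actual"][0]),
        "typical": round(record["typical"][0]),
        "start": start,
        "end": end,
        "influencers": influencers_of(record),
    }

# Constructed sample record (values chosen to match the first example output).
SAMPLE_RECORD = {
    "job_id": "farequote_responsetime", "result_type": "record",
    "timestamp": 1486656000000, "bucket_span": 900,
    "partition_field_value": "AAL", "record_score": 99.2,
    "actual": [242.3], "typical": [99.8],
    "influencers": [{"influencer_field_name": "airline",
                     "influencer_field_values": ["AAL"]}],
}

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORD))
```
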
