You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Information about the factors impacting the initial anomaly score.
28
31
*/
29
32
anomaly_score_explanation?: AnomalyExplanation
33
+
/**
34
+
* The length of the bucket in seconds. This value matches the `bucket_span` that is specified in the job.
35
+
*/
30
36
bucket_span: DurationValue<UnitSeconds>
37
+
/**
38
+
* The field used to split the data. In particular, this property is used for analyzing the splits with respect to their own history. It is used for finding unusual values in the context of the split.
39
+
*/
31
40
by_field_name?: string
41
+
/**
42
+
* The value of `by_field_name`.
43
+
*/
32
44
by_field_value?: string
45
+
/**
46
+
* For population analysis, an over field must be specified in the detector. This property contains an array of anomaly records that are the causes for the anomaly that has been identified for the over field. This sub-resource contains the most anomalous records for the `over_field_name`. For scalability reasons, a maximum of the 10 most significant causes of the anomaly are returned. As part of the core analytical modeling, these low-level anomaly records are aggregated for their parent over field record. The `causes` resource contains similar elements to the record resource, namely `actual`, `typical`, `geo_results.actual_point`, `geo_results.typical_point`, `*_field_name` and `*_field_value`. Probability and scores are not applicable to causes.
47
+
*/
33
48
causes?: AnomalyCause[]
49
+
/**
50
+
* A unique identifier for the detector.
51
+
*/
34
52
detector_index: integer
53
+
/**
54
+
* Certain functions require a field to operate on, for example, `sum()`. For those functions, this value is the name of the field to be analyzed.
55
+
*/
35
56
field_name?: string
57
+
/**
58
+
* The function in which the anomaly occurs, as specified in the detector configuration. For example, `max`.
59
+
*/
36
60
function?: string
61
+
/**
62
+
* The description of the function in which the anomaly occurs, as specified in the detector configuration.
63
+
*/
37
64
function_description?: string
65
+
/**
66
+
* If influencers was specified in the detector configuration, this array contains influencers that contributed to or were to blame for an anomaly.
67
+
*/
38
68
influencers?: Influence[]
69
+
/**
70
+
* A normalized score between 0-100, which is based on the probability of the anomalousness of this record. This is the initial value that was calculated at the time the bucket was processed.
71
+
*/
39
72
initial_record_score: double
73
+
/**
74
+
* If true, this is an interim result. In other words, the results are calculated based on partial input data.
75
+
*/
40
76
is_interim: boolean
77
+
/**
78
+
* Identifier for the anomaly detection job.
79
+
*/
41
80
job_id: string
81
+
/**
82
+
* The field used to split the data. In particular, this property is used for analyzing the splits with respect to the history of all splits. It is used for finding unusual values in the population of all splits.
83
+
*/
42
84
over_field_name?: string
85
+
/**
86
+
* The value of `over_field_name`.
87
+
*/
43
88
over_field_value?: string
89
+
/**
90
+
* The field used to segment the analysis. When you use this property, you have completely independent baselines for each value of this field.
91
+
*/
44
92
partition_field_name?: string
93
+
/**
94
+
* The value of `partition_field_name`.
95
+
*/
45
96
partition_field_value?: string
97
+
/**
98
+
* The probability of the individual anomaly occurring, in the range 0 to 1. For example, `0.0000772031`. This value can be held to a high precision of over 300 decimal places, so the `record_score` is provided as a human-readable and friendly interpretation of this.
99
+
*/
46
100
probability: double
101
+
/**
102
+
* A normalized score between 0-100, which is based on the probability of the anomalousness of this record. Unlike `initial_record_score`, this value will be updated by a re-normalization process as new data is analyzed.
103
+
*/
47
104
record_score: double
105
+
/**
106
+
* Internal. This is always set to `record`.
107
+
*/
48
108
result_type: string
109
+
/**
110
+
* The start time of the bucket for which these results were calculated.
111
+
*/
49
112
timestamp: EpochTime<UnitMillis>
113
+
/**
114
+
* The typical value for the bucket, according to analytical modeling.
0 commit comments