anatoli
November 18, 2021, 10:08am
Please help me, I am making a detector with a custom filter.
Choose a subset of your data source to focus your data stream and reduce noisy data.
Use the visual editor to create a simple filter, or use the Elasticsearch query DSL to create more advanced filters.
{
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "bool": {
            "should": [
              {
                "range": {
                  "time_backend_response": {
                    "gt": 5000
                  }
                }
              }
            ],
            "minimum_should_match": 1
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}
But this still gives a "not right syntax" error.
Which syntax should be used here? It is a KQL query that works correctly in the Discover query.
Please help me with how to do this.
ylwu
November 29, 2021, 6:28pm
This is an example:
POST _plugins/_anomaly_detection/detectors
{
  "name": "test",
  "description": "Test detector",
  "time_field": "timestamp",
  "indices": [
    "server_log"
  ],
  "filter_query": {
    "bool": {
      "filter": [
        {
          "range": {
            "value": {
              "gte": 1
            }
          }
        }
      ]
    }
  },
  "detection_interval": {
    "period": {
      "interval": 1,
      "unit": "Minutes"
    }
  },
  "window_delay": {
    "period": {
      "interval": 1,
      "unit": "Minutes"
    }
  },
  "feature_attributes": [
    {
      "feature_name": "test",
      "feature_enabled": true,
      "aggregation_query": {
        "test": {
          "sum": {
            "field": "value"
          }
        }
      }
    }
  ],
  "result_index": "opensearch-ad-plugin-result-test"
}
1 Like
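The reply's example places the bool query directly under `filter_query`, without the outer `"query"` wrapper that Discover exports, and the pasted filter in the question carries typographic quotes that any JSON parser rejects. As an added example (not code from either post or from the OpenSearch project), this Python helper converts a Discover-style request body into the `filter_query` shape, drops the empty `must`/`should`/`must_not` clauses, tolerates curly quotes, and assembles a detector definition around the result; the sample body, index name and field names are constructed.

```python
import json

# Constructed sample, mirroring the request body Discover shows for the KQL
# filter  time_backend_response > 5000  (outer "query" wrapper, empty clauses).
DISCOVER_BODY = {
    "query": {
        "bool": {
            "must": [],
            "filter": [{"bool": {
                "should": [{"range": {"time_backend_response": {"gt": 5000}}}],
                "minimum_should_match": 1}}],
            "should": [],
            "must_not": [],
        }
    }
}

CURLY_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

def parse_lenient(text):
    """Parse pasted JSON after swapping typographic quotes (json.loads rejects them)."""
    return json.loads(text.translate(CURLY_QUOTES))

def to_filter_query(body):
    """Return the query in the shape the detector's filter_query field takes:
    the bool query itself (no outer "query" key) without empty clause lists."""
    query = body.get("query", body)  # tolerate a body that is already unwrapped
    if "bool" not in query:
        return query  # a bare range/term/match query is already usable
    kept = {k: v for k, v in query["bool"].items() if v not in ([], {}, None)}
    return {"bool": kept}

def build_detector(name, index, time_field, filter_query, feature_field):
    """Assemble a detector definition shaped like the reply's example,
    with max(feature_field) as its single feature."""
    minute = {"period": {"interval": 1, "unit": "Minutes"}}
    return {
        "name": name,
        "description": f"Slow backend responses on {index}",
        "time_field": time_field,
        "indices": [index],
        "filter_query": filter_query,
        "detection_interval": minute,
        "window_delay": minute,
        "feature_attributes": [{
            "feature_name": "max_response_time",
            "feature_enabled": True,
            "aggregation_query": {"max_response_time": {"max": {"field": feature_field}}},
        }],
    }
```

`json.dumps(build_detector(...), indent=2)` produces the body to send to `POST _plugins/_anomaly_detection/detectors`; the `bool`/`should`/`minimum_should_match` wrapper Discover emits is kept as-is because it is valid query DSL.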