Detector field "mlcategory" is not an aggregatable field

Badger · July 31, 2018, 6:53pm

I create a job in 6.3.1, with categorization_field_name set to "message", and try to count by mlcategory. When I Validate Job I get the error message in the title. However, I am able to save and run the job. The job looks like this

{
  "job_id": "the-unusual-suspects",
  "description": "",
  "groups": [],
  "analysis_config": {
    "bucket_span": "15m",
    "influencers": [
      "beat.hostname.keyword"
    ],
    "detectors": [
      {
        "function": "count",
        "by_field_name": "mlcategory"
      }
    ],
    "categorization_field_name": "message"
  },
  "data_description": {
    "time_field": "@timestamp"
  },
  "datafeed_config": {
    "query": {
      "match_all": {}
    },
    "indices": [
      "logstash-production*"
    ],
    "types": []
  }
}

walterra · August 1, 2018, 11:10am

Thanks for reporting this. It's a known issue and will be fixed with the release of 6.4. (Here's the corresponding issue on github: https://github.com/elastic/kibana/issues/20867)

Topic		Replies	Views
Detector field "clientIP.keyword" is not an aggregatable field Elasticsearch elastic-stack-machine-learning	9	854	April 5, 2021
Detector field is not an aggregatable field Elasticsearch	1	296	November 11, 2020
ML doesn't track "array" type data using by_field_name individually Kibana elastic-stack-machine-learning	13	636	May 16, 2020
Anomaly Detection Categorization: Kibana not showing all ml category Kibana elastic-stack-machine-learning	7	399	May 20, 2022
ML Kibana: problem with an advanced job using partitionfield Kibana elastic-stack-machine-learning	18	1134	September 3, 2019

Detector field "mlcategory" is not an aggregatable field

Related topics