How to find the Anomalies created documents list


(Sujith Lal) #1

I am using Elasticsearch X-Pack anomaly detection. Once an anomaly is detected, the X-Pack machine learning features give only time, severity, detectors, etc. Can we get the list of documents that created the anomalies?

(rich collier) #2

X-Pack Machine Learning will detect anomalies in the raw data and will make the results available in the .ml-anomalies-* indices. Machine Learning does not keep a copy of the documents from the raw data that were involved in the anomalies, as those documents will likely still be available in the index from which ML queried to do the analysis in the first place.

Just use the time frame of the anomaly to re-query the raw data from the original index. This is what the ML UI does when viewing an anomaly overlaid on a chart of the raw data.

If you'd like to improve the workflow from viewing the anomaly in the UI to link back to a view of the raw data (in another view such as Kibana Discover), then use the Custom URL feature of the ML job to link contextually to a new location.
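The re-query described in the reply above, as an added example that is not part of the original posts: it turns one anomaly record from `.ml-anomalies-*` into a search body for the source index. The function name `source_query`, the time field `@timestamp`, and the sample record values are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed "record" result as stored in .ml-anomalies-*.
# All values are made up for illustration.
SAMPLE_RECORD = {
    "job_id": "example-job",
    "result_type": "record",
    "timestamp": 1700000000000,   # bucket start, epoch milliseconds
    "bucket_span": 900,           # bucket length, seconds
    "record_score": 91.2,
    "partition_field_name": "host.name",
    "partition_field_value": "web-01",
    "by_field_name": "status",
    "by_field_value": "500",
}


def source_query(record, time_field="@timestamp", size=100):
    """Build a search body that re-queries the raw index for one anomaly."""
    # The anomaly covers one bucket: [timestamp, timestamp + bucket_span).
    start = record["timestamp"]
    end = start + record["bucket_span"] * 1000
    filters = [{
        "range": {time_field: {"gte": start, "lt": end, "format": "epoch_millis"}}
    }]
    # If the detector split the data, narrow to the entity the anomaly belongs to.
    for kind in ("partition", "by", "over"):
        name = record.get(f"{kind}_field_name")
        value = record.get(f"{kind}_field_value")
        if name and value not in (None, ""):
            filters.append({"term": {name: value}})
    return {
        "size": size,
        "sort": [{time_field: "asc"}],
        "query": {"bool": {"filter": filters}},
    }


if __name__ == "__main__":
    # Send the printed body to the _search endpoint of the index the datafeed reads.
    print(json.dumps(source_query(SAMPLE_RECORD), indent=2))
```

The `term` filters assume the split fields are mapped as `keyword` in the source index; the time field should match the one configured in the job's data description.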


