Query for anomaly explorer visualization

ElasticLiver · April 21, 2021, 5:09am

Hi Im trying to emulate the anomaly explorer in a vega visualization, at first I think that a top hit agreggation will get me similar results, like this query:

POST /.ml-anomalies-*/_search
{
  "size": 0, 
  "aggs": {
    "top_score": {
      "top_hits": {
        "sort": [
          {
            "record_score": {
              "order": "desc"
            }
          }
        ],
        "_source": {
          "includes": [
            "actual",
            "typical",
            "partition_field_value",
            "record_score",
            "timestamp",
            "by_field"
          ]
        },
        "size": 10
      }
    }
  }
}

but after seeing this anomaly explorer for a job, I realize that is more than just a top hit aggregation

what will be the query to obtain similar results and display them in vega?

darnautov · April 28, 2021, 11:42am

Hey @ElasticLiver,

First, may I ask what elastic stack version you're using? Since 7.8 we provide the anomaly swim lane embeddable and since 7.9, you can attach to the dashboard directly from the Anomaly Explorer page.

If you still prefer to write a query manually, it depends on the anomaly results you are interested in. Is it the Overall swim lane, View by an influencer, or View by job id?

system · May 26, 2021, 11:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ML increase top anomaly view Kibana	2	440	September 5, 2017
Vega and aggregations Kibana vega	2	892	December 18, 2018
Vega visualization Issue Kibana vega	3	113	May 1, 2024
Interested in visualizing the value inside doc using vega/vega-lite Elasticsearch	1	360	May 13, 2019
Vega Visualisation Trend indicator Kibana vega	2	549	June 10, 2021

Query for anomaly explorer visualization

Related topics