Unable to find job message fields in ".ml-anomalies*" index

Machine Learning >> Anomaly Detection >> Jobs

I am trying to come up with an ESQL query to consolidate all job messages that are non-info, i.e. warnings or errors.

Example of message

Time				Node				Message
202X-XX-XX 16:24:32	instance-XXXXXX		Datafeed has missed 12 documents due to ingest latency

However I am facing trouble finding the correct table to retrieve the message.

I have attempted to use the ".ml-anomalies*" index pattern but to no avail.

I can see the jobs but I can't locate the message fields. Any advice?

Hello @Whoami1980

If you are looking for the messages below:

Check the index .ml-notifications-*

Thanks!!

I tried with the index .ml-notifications-*
It appears it only has the field "forecast_messages"
but it doesn't have the field "message" :frowning:

POST /_query?format=txt
{
  "query": """
  FROM .ml-anomalies*
|   WHERE (job_id) == "pred_maint-firewall-deny-high-count"
    AND message IN ("Datafeed stopped", "Job opened")
|   LIMIT 10
    """
}
{
  "error": {
    "root_cause": [
      {
        "type": "verification_exception",
        "reason": """Found 1 problem
line 4:9: Unknown column [message]"""
      }
    ],
    "type": "verification_exception",
    "reason": """Found 1 problem
line 4:9: Unknown column [message]"""
  },
  "status": 400
}

Hello @Whoami1980

I see the index name is wrong and not the one that was suggested:

POST /_query?format=txt
{
  "query": """
  FROM .ml-notifications*
|   WHERE (job_id) == "kibana-logs"
    AND message IN ("Datafeed stopped", "Job opened")
|   LIMIT 10
    """
}

I am not sure if the field name is different for 8.19.x; in that case you can use whatever field name is available in the index.

Thanks!!
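As an added example (not posted by anyone in this thread), this is the shape of query the original question asked for: all non-info notifications rather than a fixed list of message strings. It assumes the notification documents carry a `level` field (info / warning / error), a `timestamp` field and a `node_name` field; none of those names are confirmed on this page, so check them in Discover first.

```esql
POST /_query?format=txt
{
  "query": """
  FROM .ml-notifications*
  // assumed fields: level, timestamp, node_name (verify against the index mapping)
| WHERE level != "info"
| KEEP timestamp, job_id, level, node_name, message
| SORT timestamp DESC
| LIMIT 100
  """
}
```

To get a per-job summary instead of individual rows, replace the KEEP/SORT lines with `STATS count = COUNT(*) BY job_id, level`.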

Noted, thanks. With the correct index name I can see the data.

Now the issue is how I can use the index name to find the correct data view.

I want to use the Discover GUI to see what fields are available to me.